The War on Porn Regular Updates about the Assault on The Adult Industry

SALT LAKE CITY — Utah’s latest update to its age-verification law took effect this week, but critics say the changes could create major compliance headaches for online platforms while raising broader concerns about privacy and internet access.

The newly enforceable provisions under SB 73 expand the state’s existing age-verification requirements in several ways. The law now gives the Utah Division of Consumer Protection authority to enforce the mandate directly, prohibits platforms from encouraging users to bypass restrictions through virtual private networks (VPNs) or similar tools, and requires covered websites to verify the age of users physically located in Utah regardless of the IP address attached to the connection.

That last part is what’s getting the most attention.

In a statement posted Tuesday, the Free Speech Coalition warned that the law could complicate compliance strategies many platforms currently rely on.

“In practical terms, this means that compliance strategies that depend on IP addresses, such as geoblocking may not be effective at mitigating liability,” the organization said.

The group noted that even platforms already conducting age verification for Utah visitors could still face legal exposure if a resident uses a VPN to mask their location or if an IP address is incorrectly associated with another nearby state such as Arizona or Nevada. And honestly, that’s where the situation starts to feel messy fast. Internet geography has never exactly been precise.

FSC Executive Director Alison Boden said the updated law creates a difficult environment for websites attempting to comply.

“Determining geolocation based on IP address is imperfect,” Boden said. “With SB 73, Utah is effectively overriding the laws of every other jurisdiction and requiring platforms to age-verify every single visitor to their sites. Platforms should discuss how to approach this situation with their attorneys.”

The organization also pointed out that another section of SB 73 — a new 2% excise tax on adult content sales within Utah — is scheduled to take effect Oct. 1, 2026.

Privacy advocates and digital rights groups have also raised concerns about the law’s provisions surrounding VPNs.

Critics argue the restrictions could create constitutional issues while weakening online privacy protections not only for Utah residents, but potentially for internet users more broadly. VPNs are commonly used for far more than bypassing geographic restrictions. Many people rely on them for security, encrypted browsing, or simply keeping personal data away from advertisers and data brokers.

In an analysis of SB 73, Rindala Alajaji, associate director of state affairs for the Electronic Frontier Foundation, argued the law’s new provisions are unlikely to stop determined minors from accessing restricted content.

“Won’t stop a tech-savvy teenager, but they certainly will impact the privacy of every regular Utah resident who just wants to keep their data out of the hands of brokers or malicious actors,” Alajaji wrote.

She added that the broader implications extend beyond Utah itself.

“Attacks on VPNs are, at their core, attacks on the tools that enable digital privacy,” Alajaji said. “Utah is setting a precedent that prioritizes government control over the fundamental architecture of a private and secure internet, and it won’t stop at the state’s borders.”

Additional guidance and policy analysis surrounding SB 73 has been made available through the Free Speech Coalition’s policy resources and action center for members and non-members seeking more information about the law and its implementation.

Read More »

The fear is real. That’s probably why this debate has gotten so heated so fast.

Parents worry about what kids are seeing online. They worry about pornography, self-harm content, predators, manipulative social media algorithms, all of it. Most people — honestly, probably almost everyone — agree children shouldn’t have unrestricted access to harmful material online.

But critics of the current push for age verification laws say governments and tech companies are moving too aggressively, and with consequences that could permanently reshape online privacy and anonymity.

What started years ago with a simple “Are you over 18?” checkbox has evolved into something much larger. Across multiple countries, age-verification systems now increasingly rely on government IDs, facial scans, video uploads and even biometric data. And with every new layer of verification comes another question hanging in the air: Where does all that information go?

When Data Is Collected, It Eventually Leaks

The risks tied to large-scale data collection are no longer theoretical. Last October, chat platform Discord disclosed that hackers had accessed records belonging to more than 70,000 users through a third-party vendor handling age-verification services for the company. The breach reportedly included photographs of government-issued identification documents.

Privacy advocates argue that incidents like that are almost inevitable when sensitive personal information is stored in centralized databases. The more valuable the data becomes, the larger the target grows for cybercriminals. And while major companies may invest heavily in security, critics say the broader ecosystem of smaller platforms and vendors often remains vulnerable.

Even outsourcing age checks to specialized verification companies does not eliminate the risks, opponents argue. In some ways, they say, it concentrates them. Businesses whose primary function revolves around storing identity information become attractive targets for hackers and potentially lucrative repositories for consumer data.

And there’s another concern quietly lingering beneath the surface: monetization. Companies that collect vast amounts of personal information may eventually face pressure to commercialize that data in some form, particularly if verification services become expensive to maintain.

There Are Few Trusted Players in This Debate

Governments have also faced scrutiny over their handling of age-verification systems.

The European Union recently introduced a mobile application intended to help verify users’ ages online. Security researchers quickly claimed they had identified major vulnerabilities in the system, with at least one hacker publicly stating flaws were discovered within minutes of testing.

At the same time, calls continue growing for large technology companies to handle age verification directly at the operating-system level. Supporters argue companies like Apple, Google and Microsoft already control the devices people use daily and could enforce protections more effectively than individual websites.

Apple recently announced new age-assurance measures in the United Kingdom, adding fuel to that debate.

But critics remain deeply skeptical about expanding the authority of major tech companies over identity verification and internet access. Those companies, they argue, already built much of today’s advertising-driven internet economy around large-scale data collection and behavioral tracking.

Opponents question whether giving technology giants even more control over who can access apps, websites and digital services would create additional risks surrounding surveillance, competition and consumer privacy.

Concerns Extend Beyond Children’s Accounts

Privacy advocates argue the broader implications stretch far beyond protecting minors.

Many fear that widespread age verification could gradually normalize mandatory identification for nearly all internet activity, regardless of whether the content involved is legal, adult-oriented or politically sensitive.

Technology companies already respond to large volumes of government data requests every year, many involving user information. Critics argue that if governments increasingly require digital identities tied to verified credentials, it could create new mechanisms for tracking online activity and restricting access.

Some opponents warn the systems could eventually expand beyond age restrictions into other forms of digital gatekeeping, including nationality-based restrictions or politically motivated blocks.

Questions surrounding international precedent also continue surfacing. If one country mandates government-linked digital IDs for internet access, critics ask, how long before others follow? And if platforms possess verified identity systems tied to millions of users, what pressure might governments place on those companies to share information or restrict access?

Privacy advocates say anonymity online remains important not only for ordinary users, but also for whistleblowers, dissidents, abuse victims and people seeking sensitive information or support services.

Without anonymity, critics argue, many people may simply stop speaking openly.

Pressure Should Shift — But Not Entirely to Big Tech

Even many critics of age-verification mandates acknowledge technology companies still bear responsibility for protecting younger users online.

Advocates for alternative approaches argue companies should focus more heavily on improving parental-control systems at both the device and application level. Those controls, they say, should be easier to locate, easier to understand and more effective for families trying to manage children’s online access.

Rather than creating universal identification systems for all internet users, critics argue decision-making authority should remain primarily with parents and guardians.

Some privacy advocates also argue that any age-verification system adopted in the future should remain narrowly limited to platforms presenting the highest potential risks, such as pornography sites or certain social media services.

And if governments ultimately decide some form of verification is unavoidable, critics insist strict technical safeguards must be built into the systems from the beginning.

Among the proposals frequently discussed are device-based verification conducted entirely on the user’s phone or computer, temporary facial-age estimation systems that immediately discard biometric data, anonymous “yes or no” age confirmations transmitted under end-to-end encryption, and open-source code allowing independent experts to inspect how the systems operate.

The Core Debate Isn’t Going Away

For opponents of sweeping age-verification systems, the larger issue is not whether children should be protected online. Most agree they should.

The argument instead centers on whether the current solutions risk creating a permanent infrastructure for surveillance, identity tracking and expanded corporate control over internet access.

Critics also point toward the broader economic incentives shaping online platforms. Many argue the advertising-driven business model dominating large parts of the internet encourages companies to maximize engagement, collect personal information and keep users — especially younger users — constantly connected.

Meta, parent company of Facebook and Instagram, has publicly supported age-verification measures for years. Critics argue those efforts may also help shift responsibility for youth safety away from platforms themselves and toward app stores, device makers and governments.

Meanwhile, lawmakers across multiple countries continue searching for ways to address growing public concern over online harms affecting children.

And that’s really the tension sitting underneath all of this. Almost nobody disagrees there are dangers online. The disagreement is about how much privacy society is willing to surrender trying to solve them — and whether those tradeoffs can ever truly be reversed once they become normal.

Read More »

The phrase “porn in schools” hit like a fire alarm a few years ago. Loud, emotional, impossible to ignore. In 2021, the conservative group Florida Citizens Alliance released its “Porn in Schools Report,” a publication later amplified by Florida Gov. Ron DeSantis. The report claimed sexually inappropriate material was being made available to students in schools. But the books at the center of the controversy weren’t explicit websites or illicit images. They were books written for children and teenagers.

Now, lawmakers in Congress are revisiting that same debate through the proposed Stop the Sexualization of Children Act. The bill would withhold federal funding from schools and libraries that provide access to what its sponsors describe as “sexually oriented material.”

Over five years of tracking book removals nationwide, PEN America says it has not identified a single banned school library book that legally qualifies as pornography. Distributing pornography in schools is already a felony offense carrying potential prison time. Despite repeated allegations surrounding “pornographic” books, the organization says none of the thousands of challenged titles it reviewed meet either a legal or commonly accepted definition of pornography.

According to PEN America, many of the books challenged or removed instead contain LGBTQ+ characters and themes, discussions of race and racism, sexual experiences, or difficult subject matter such as gun violence and sexual abuse.

Supporters of removing the books argue the effort is about protecting children from harmful material. Opponents counter that literature and storytelling remain essential parts of public education and argue students should have access to a wide range of perspectives, identities, histories and experiences through books.

Laney Hawes, co-founder of the Texas Freedom to Read Project, once remarked that “Fear is effective.” That sentiment has become central to the broader debate over book restrictions in schools. Concerns initially framed around pornography, critics argue, expanded into broader disputes involving diversity, equity and inclusion programs, educators, librarians, and discussions surrounding gender identity. In response, states and local governments across the country adopted policies and laws regulating material considered “harmful to minors” or “sexually explicit.”

PEN America says vague language in those policies has often led schools and districts to remove books more broadly than intended. Critics of the congressional proposal question how schools would interpret the measure if it became law. They point to books such as In the Night Kitchen, which includes illustrations of childhood nudity, or Red: A Crayon’s Story, a title frequently associated with themes of identity and acceptance.

The legislation also contains exemptions for certain literary classics identified by Compass Classroom, a homeschooling educational program built around a Bible-based curriculum. However, modern works including The Kite Runner and The Bluest Eye are not specifically exempted. Critics say those books could face restrictions because they contain depictions of sexual violence. They also point to books involving transgender characters, including Gracefully Grayson, as examples of titles that could be affected under the proposal.

If enacted, the bill would place school districts nationwide — including those that have resisted book removals — into the center of the growing debate over educational content. This week, more than 100 organizations urged voters to contact members of Congress and oppose the legislation.

Critics of the proposal argue that claims involving pornography, dangerous books, or harmful educators have shaped public debates in communities across the country despite little evidence supporting many of the accusations. They say the controversy has increasingly blurred distinctions between explicit material and books that simply address difficult or controversial subjects.

Some opponents also argue the effort connects to a broader political movement supporting school vouchers and expanded private education options, themes associated with Project 2025. Others point to parents who encounter isolated excerpts from books online and later campaign for their removal, despite ongoing disagreement among researchers and educators about whether exposure to such literature causes harm.

At the same time, students, parents, teachers, librarians and authors continue pushing back against book removals in schools. Supporters of broader access to literature argue books can strengthen critical thinking, improve academic performance, encourage empathy and reduce stress. Multiple studies examining reading habits have found positive educational and emotional outcomes tied to recreational reading.

Some educators and advocates also argue that books discussing sexuality or relationships can provide students with information about consent and healthy relationships rather than encouraging harmful behavior.

Polling and advocacy efforts around the country suggest many students and parents support maintaining broad access to books, even when certain content may be uncomfortable or controversial. Critics of book bans argue that disagreement with a book’s themes should not result in restricting access for all students or eliminating discussions involving certain identities or perspectives.

Meanwhile, reading for pleasure among children has continued to decline over the past two decades. For many educators and literacy advocates, that trend may be one of the larger concerns quietly sitting beneath the noise of the current debate.

Read More »

Money doesn’t just talk anymore. Increasingly, it decides who gets heard at all.

Banks are combing through adult websites searching for flagged words, questionable scenes, and content they think might create legal exposure. Payment processors are making judgment calls about alleged misinformation tied to wars and politics. In some cases, even a donation to a cannabis advocacy organization can trigger scrutiny. Quietly, steadily, financial institutions have become gatekeepers in places most people probably never imagined.

Rainey Reitman saw an early version of this more than a decade ago while helping support imprisoned whistleblower Chelsea Manning. The fundraising campaign she worked on operated through an organization called Courage to Resist. Then, in 2011, its PayPal account was suddenly frozen. Reitman and the group’s leadership struggled to get a straight answer beyond vague references to the PATRIOT Act. Repeated attempts to resolve the issue with PayPal representatives went nowhere. Public attention, however, changed things fast.

“When PayPal reversed their decision so quickly in response to the publicity surrounding our press release, it was clear to me….We really had done nothing wrong,” Reitman writes in Transaction Denied: Big Finance’s Power to Punish Speech. “If there had been any legal requirement for PayPal to suspend our account, they wouldn’t have changed their mind just because people were tweeting at them.”

That experience pushed Reitman deeper into what she now describes as “financial censorship.” In her book, the term refers to banks, credit card companies, and payment processors restricting or shutting down accounts belonging to “controversial or marginalized speakers who haven’t violated any laws,” effectively turning financial systems into “a tool to pressure dissenting and marginalized voices” into silence.

What Is Financial Censorship?

“It is a form of privatized censorship where banks and payment intermediaries act as censors in ways the government couldn’t do directly without violating the First Amendment,” writes Reitman, a longtime civil liberties advocate and co-founder of the Freedom of the Press Foundation.

And no, Reitman isn’t especially interested in debates over whether “censorship” technically applies only to governments. “I think that’s a pedantic and unhelpful distinction,” she writes.

Transaction Denied traces how financial censorship — sometimes called “financial exclusion” or “debanking” — has affected people and organizations over the last 15 years. Protesters, journalists, gun-rights activists, adult creators, Muslim business owners, cannabis advocates, erotica writers, religious liberty groups, and even naked yoga instructors all appear in its pages. Strange mix, honestly. But that’s partly the point.

Legally speaking, banks and payment processors generally have broad discretion over who they do business with, provided they are not discriminating against protected groups based on characteristics such as race, religion, or sex. A financial institution can usually close an account for almost any other reason, whether it’s reputational concerns, moral objections, or simple risk avoidance.

Reitman acknowledges that reality while also arguing the system may need reform. “People today cannot survive on wads of cash stuffed under a mattress; they need access to payment and banking services to exist in society,” she writes. Among her proposals are laws preventing financial institutions from denying services based on constitutionally protected speech, stronger enforcement of antidiscrimination protections, and greater transparency around account closures and appeals.

Still, even without embracing all of Reitman’s proposals, the broader concerns she raises are difficult to ignore. Financial exclusion, she argues, often overlaps with more traditional forms of speech suppression in ways that are increasingly hard to separate.

Government ‘Censorship by Proxy’

Reitman argues that financial companies are not always acting independently when accounts are closed over controversial speech or politically sensitive activity. In many cases, she says, institutions are responding to direct or indirect government pressure.

Sometimes that pressure is explicit, as in disputes involving the National Rifle Association, Backpage, and WikiLeaks.

In Illinois, former sheriff Tom Dart sent letters to credit card companies urging them to “cease and desist from allowing your credit cards to be used to place ads” on Backpage, a classified advertising platform widely associated with sex-work listings. In New York, financial regulators under then-Gov. Andrew Cuomo warned banks that maintaining ties to the NRA could pose “reputational risk,” language financial institutions often interpret as a warning sign for increased regulatory scrutiny. Following the publication of leaked State Department cables by WikiLeaks, then-Sen. Joe Lieberman publicly accused the organization of criminal conduct and suggested companies maintaining relationships with the group risked aiding illegal activity.

Other times, the pressure is less direct. Reitman points to efforts like Operation Choke Point, as well as regulatory systems used by agencies such as the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation, where vague assessments of “reputational risk” can influence how banks handle customers. Financial institutions, eager to avoid regulatory headaches, often respond by adopting aggressive risk-management systems.

“Often in cases of financial censorship, there’s a whiff of government involvement but it’s hard to prove,” Reitman notes.

In other instances, the issue stems from compliance systems tied to anti-money laundering and anti-terrorism laws. “Know your customer” requirements, which force banks to verify customer identities and monitor transactions, expanded significantly after passage of the USA PATRIOT Act. Reitman argues that these systems frequently sweep up lawful customers who have done nothing illegal.

Economic sanctions create another layer of pressure. Financial institutions are expected to help enforce sanctions programs, and the penalties for mistakes can be severe. As a result, many institutions adopt broad enforcement policies to avoid scrutiny.

That environment contributed to a bizarre but revealing situation involving New York City Councilwoman Shahana Hanif. A $14 Venmo payment she sent to reimburse a friend for lunch at a Bronx Bangladeshi restaurant called Al Aqsa was reportedly blocked after the restaurant’s name triggered automated systems tied to sanctions enforcement. While “Al Aqsa” is a common Arabic term used by many businesses, an unrelated organization with a similar name appears on U.S. sanctions lists.

For many Americans — particularly Muslim communities and people connected to certain foreign regions — such incidents can create recurring financial obstacles, even when no wrongdoing exists.

Culture and Courts Encourage Financial Censorship

Government pressure may play a significant role, but Reitman argues cultural and political activism have also shaped the current environment.

Activists across the political spectrum increasingly pressure financial institutions and digital intermediaries to sever ties with people or organizations viewed as objectionable. Over time, providing neutral services has become framed less as infrastructure and more as implicit endorsement.

That shift, critics argue, creates a dangerous precedent.

“Just because it might make you happy today to see a person that you don’t agree with losing access to their money and suffering, that doesn’t mean that that same mechanism might not be turned against you down the road,” Lia Holland of Fight for the Future told Reitman.

The legal consequences of this evolving mindset are already surfacing in court.

One closely watched case involves Visa, Pornhub, and Serena Fleites, who alleges that videos she recorded as a teenager were uploaded to Pornhub without her consent. Fleites argues that Pornhub facilitated sex trafficking and that Visa, by processing payments connected to the platform, participated in that venture. Reitman notes that there is no allegation Visa processed payments tied specifically to the videos in question, and that the overwhelming majority of Pornhub’s content involved legal adult material. Still, a judge declined to dismiss the claims against Visa.

The implications could be enormous.

“If credit card companies are held liable for the potential illegal content hosted by websites that have any kind of payment or advertising service, it creates an untenable burden on credit card companies to review and police every piece of content on any aspect of the web that has any form of payment,” Reitman writes. “It is hard to overstate how far-reaching and dangerous it would be for the courts to hold Visa liable because users decided to upload illegal content onto Pornhub.”

Critics warn that such liability standards could pressure payment processors to aggressively police speech and content across vast portions of the internet, especially on platforms hosting user-generated material or controversial discussions.

Bankers as Sex Police

Faced with legal exposure and reputational concerns, many financial institutions have adopted increasingly strict oversight of adult content platforms.

“Bankers are making sweeping decisions about what types of sexual speech should exist online today,” Reitman writes.

Mike Stabile of the Free Speech Coalition told Reitman that adult websites sometimes provide banks with passwords allowing direct review of platform content. According to Stabile, banks routinely flag specific words, categories, and scenes that sites must remove in order to maintain payment processing services.

Meanwhile, Cathy Beardsley, CEO of Segpay, said banks and payment companies also use automated scanning systems to monitor merchant sites.

“Use spiders, and they’ll go through the websites monthly looking for terms and words that will get flagged, that we have to then have our merchants clean up,” Beardsley told Reitman.

Mastercard receives particular attention in the book for what critics describe as broad and often vague standards governing acceptable content. Banks and payment processors are frequently left interpreting those standards on their own, creating inconsistent enforcement and uncertainty across the adult industry.

Whether driven by liability fears, public pressure, or institutional conservatism, large financial companies wield enormous influence over who can participate online. Reitman argues that limited competition within banking only magnifies that power.

“Banks enjoy special privileges and benefits (like government backed insurance), and there are lots of barriers to entry for start-up companies wanting to enter the financial space,” she notes.

More competition, she suggests, could reduce some of the pressure points currently shaping the industry. But heavy regulation also makes new entrants difficult.

A Section 230 for Banks?

Among Reitman’s more notable proposals is legislation modeled loosely after Section 230 protections for internet platforms.

“We need legislation to make it clear that payment intermediaries, banks, and credit card companies are not liable for the activities of the people and institutions who use their services,” she writes.

The book also explores the potential — and limitations — of alternatives such as cash and cryptocurrency.

More than anything, though, Transaction Denied frames financial exclusion as a growing systemic issue rather than a series of isolated incidents. Cases involving WikiLeaks, Backpage, Pornhub, or the NRA are often easy for the public to dismiss because they involve polarizing organizations or industries. But Reitman argues the underlying mechanisms extend far beyond any one political movement, industry, or ideology.

By tracing stories across a wide range of communities and viewpoints, the book presents financial exclusion as the product of overlapping political, regulatory, cultural, and corporate pressures. The institutions enforcing these restrictions may be private, but the incentives shaping their behavior often originate elsewhere.

And that may be the part making some people uneasy now. Not just who loses access to financial systems — but how ordinary the process has started to feel.

Read More »

LOS ANGELES — Dutch prosecutors and law enforcement authorities have moved to shut down the controversial tube platform Motherless.com, marking a major escalation in the growing international scrutiny surrounding the site.

The takedown effort appeared to begin Thursday. The Netherlands Public Prosecution Service confirmed to multiple news organizations that a preliminary investigation is underway to determine whether the site’s operators engaged in criminal conduct.

Dutch public broadcaster NOS reported that prosecutors acted following its own investigation alongside reporting by CNN in the United States. According to NOS, authorities determined that Netherlands-based hosting provider NFOrce Internet Services was hosting content tied to Motherless.com users.

Under mounting pressure, NFOrce informed the operators of Motherless.com that hosting services had been suspended pending the outcome of what the company described as an internal “abuse and compliance escalation” review.

“Following recent media publications and additional internal review, NFOrce initiated an enhanced compliance and abuse-handling review relating to Motherless.com,” the company said in a published statement.

NFOrce also released portions of correspondence sent to its listed point of contact for the site.

“Given the seriousness of the matters raised publicly, including allegations relating to potentially unlawful, exploitative, or non-consensual content categories, NFOrce requires your urgent written response and confirmation regarding the matters outlined below,” wrote NFOrce director Simon Elimeleh in the notice. “This review is being conducted as part of NFOrce’s ongoing abuse-handling, compliance, and risk assessment obligations as an infrastructure provider.”

NFOrce said the site’s operators were given between 12 and 24 hours to respond to several requests outlined in the letter, which was sent Thursday, May 7.

Among the demands were requirements for an “immediate content review and removal,” along with an audit of keywords, category tags, trust and safety procedures, and overall legal compliance practices.

“Failure to provide a complete and satisfactory response within the requested timeframe, failure to demonstrate appropriate remediation efforts, or failure to comply with applicable legal or contractual obligations may result in further review of the continuation of services, including possible suspension or termination measures where appropriate,” Elimeleh said.

Motherless.com has faced criticism for years over allegations involving illegal and non-consensual material, as well as widespread copyright infringement. Following detailed investigations published by CNN and NOS, pressure intensified on Dutch authorities to pursue legal action against the platform.

According to CNN’s reporting, investigators identified extensive amounts of abusive and unlawful content on the site. The report described the platform as part of what it called a global “rape academy,” including online groups where men allegedly discussed and encouraged sexual violence against partners and spouses. The investigation also documented videos depicting gender-based violence and alleged drug-facilitated assaults, including so-called “sleep” videos involving individuals believed to be unconscious or under the influence of drugs.

The platform has also faced regulatory pressure elsewhere in Europe. In the United Kingdom, digital regulator Ofcomhas been pursuing enforcement actions tied to age-verification requirements and other provisions under the Online Safety Act. Motherless previously received fines totaling nearly $1.1 million over compliance failures connected to those rules.

Motherless is reportedly operated by Kick Online Entertainment, a Luxembourg-registered entity. Dutch authorities are also examining other affiliated companies connected to the operation, including businesses reportedly based in Costa Rica and other jurisdictions.

Read More »

LOS ANGELES — Aylo, the parent company behind Pornhub.com, reached an agreement last week with the state of Utah that temporarily pauses enforcement of a law aimed at stopping people from using virtual private networks to bypass the state’s age-verification requirements. According to court filings, enforcement is now scheduled to begin Sept. 3.

The agreement follows a lawsuit Aylo filed in late April against Utah’s Division of Consumer Protection and Department of Commerce in the U.S. District Court for the District of Utah. The complaint alleges multiple constitutional violations, including claims that the state’s actions interfere with interstate and foreign commerce protections outlined in the U.S. Constitution.

The lawsuit also argues that Utah is engaging in what it describes as “unlawful state extraterritorial regulation.” Aylo Freesites Ltd. and Aylo Group Ltd. are foreign corporate entities connected to Aylo’s broader ownership structure, which is headquartered in Montreal, Québec, and ultimately controlled by Ottawa-based Ethical Capital Partners.

“This new law is unconstitutional for three independent reasons: it constitutes impermissible extraterritorial legislation, it violates the dormant Commerce Clause, and it also violates the Foreign Commerce Clause by interfering with purely international transactions involving foreign entities and foreign nationals,” attorneys for the plaintiffs argued in court filings.

Representing the plaintiffs are Annika L. Jones and Brandon S. Fuller, partner and associate at the Salt Lake City office of Snell & Wilmer LLP.

Aylo is also represented by attorneys from the Washington, D.C., office of Jenner & Block LLP, including managing partner Lindsay Harrison, partner Jessica Ring Amunson and special counsel Daniel Schwei. Attorneys for the state of Utah later reached the agreement with Aylo’s legal team to postpone enforcement of the VPN-related provisions.

Earlier this year, Utah Gov. Spencer Cox signed Senate Bill 73 into law. The measure imposes a 2 percent excise tax on adult content sold digitally within the state. Included in the legislation is a provision prohibiting users from using VPNs or similar IP-masking tools to bypass age-verification systems and content restrictions.

When Utah first enacted site-level age-verification requirements in 2023, Aylo responded by geoblocking access within the state. At the same time, VPN services remained widely available through major app marketplaces, making it relatively simple for users to circumvent geographic restrictions.

Lawmakers introduced SB 73 in part to address that issue, and the proposal moved through Utah’s Republican-controlled legislature with limited opposition.

The law states that “an individual is considered to be accessing the website from this state if the individual is actually located in the state, regardless of whether the individual is using a virtual private network, proxy server, or other means to disguise or misrepresenting the individual’s geographic location to make it appear that the individual is accessing a website from a location outside this state.” The legislation also seeks to prohibit publishing information that promotes the use of VPNs to evade age checks.

Enforcement of the VPN-related provision had been expected to begin today. Under the new agreement, however, enforcement is delayed until Sept. 3. The 2 percent excise tax is still set to take effect in October.

“[The] defendants shall not take enforcement action or otherwise seek to impose liability pursuant to [the bill] for any conduct by plaintiffs or their affiliates that occurs during the period of forbearance,” a memo filed with the court states. The filing was signed by attorneys representing Aylo as well as lawyers from the office of Utah Attorney General Derek Brown.

“During that period, Plaintiffs and their affiliates shall also not change any of their current geofencing practices in Utah,” the memo continues, effectively preserving the current status quo while the litigation proceeds.

Lawrence Walters, an attorney known for handling litigation involving the adult entertainment industry, described the agreement as a practical decision.

“The state was smart to agree to forego enforcement of this ill-considered law pending review by the courts,” Walters said.

He added, “The expectation to identify the location of users who access a website through a VPN is an impossibility. The law is extremely vulnerable to constitutional challenges, and the state could be on the hook for significant damages and attorneys’ fees, particularly if it moved forward with enforcement proceedings.”

A major argument in Aylo’s lawsuit is that SB 73 could cause irreparable damage to both its business operations and broader access to privacy-focused internet technology.

“There is no feasible way for a company like Aylo to reliably verify whether any particular individual is using a VPN, proxy server, or other location-masking technology—and therefore no way to determine whether a user who appears to be located outside Utah is, in fact, located inside Utah,” an Aylo spokesperson said.

The company also argues that Utah lacks legal standing to regulate conduct occurring beyond its borders.

“Utah is projecting its policy choices onto conduct occurring entirely outside its borders, in states and countries that have made different legislative judgments,” the spokesperson added. “It is our opinion that this new law is unconstitutional and that no single state has constitutional authority to set the terms under which a global company may operate on the global Internet.”

Adult industry attorney Corey Silverstein said the case raises broader questions extending beyond Utah alone.

“Aylo’s lawsuit underscores the growing constitutional collision between online age-verification mandates and digital privacy rights,” Silverstein said. “While lawmakers frame these laws as child-protection measures, the practical effect is forcing adults to surrender sensitive personal information to access legal content online.

“That raises serious First Amendment, cybersecurity and anonymity concerns, especially when states continue expanding these laws beyond websites and toward VPNs, app stores and broader internet access,” he added. “The courts are now being asked to decide whether governments can effectively build a digital ID checkpoint system around lawful speech.”

VPN technology continues to present challenges for regulators attempting to enforce age-verification rules in multiple jurisdictions. In Indiana, for example, state officials have sued Aylo, alleging the company violated local age-verification requirements by failing to block traffic routed through VPNs and proxy services.

Read More »

Utah, having discovered the same thing noticed by literally every other jurisdiction to impose an age gate on sexually explicit content, recently ‘updated’ its age-verification mandate to penalize website operators who “facilitate or encourage” the use of a virtual private network (VPN), proxy server, or “other means to circumvent age verification requirements.”

The amended law also holds that “an individual is considered to be accessing the website from this state if the individual is actually located in the state, regardless of whether the individual is using a virtual private network, proxy server, or other means to disguise or misrepresent the individual’s geographic location to make it appear that the individual is accessing a website from a location outside this state.”

The changes to Utah’s law don’t amount to a “ban” on VPN use in the state, but the provisions related to preventing covered entities from facilitating or encouraging VPN use have a clear chilling effect – and present a legal pitfall that goes beyond simply requiring adult websites to verify a user’s age.

“By holding companies liable for verifying the age of anyone physically in Utah, even those using a VPN, the law creates a massive ‘liability trap,’” noted Rindala Alajaji, Associate Director of State Affairs for the Electronic Frontier Foundation. “Just like we argued in the case of the Wisconsin bill, if a website cannot reliably detect a VPN user’s true location and the law requires it to do so for all users in a particular state, then the legal risk could push the site to either ban all known VPN IPs, or to mandate age verification for every visitor globally. This would subject millions of users to invasive identity checks or blocks to their VPN use, regardless of where they actually live.”

And while the Utah law doesn’t go as far as one version of the Wisconsin bill would have (a bill that has been vetoed by Gov. Tony Evers), as Alajaji observed, “muzzling the websites themselves from sharing information about VPNs… raises significant First Amendment concerns, as it prevents platforms from providing basic, truthful information about a lawful privacy tool to their users.”

So, while the law doesn’t outright ban the use of a VPN or other means of circumventing an age gate or geofence, this silver lining only goes so far in blunting the law’s chilling effect on speech.

“Under a ‘don’t ask, don’t tell’ style of enforcement, websites likely only have an obligation to ask for proof of age if they actually learn that a user is physically in Utah and using a VPN,” Alajaji wrote. “If a site doesn’t know a user is in Utah, their broader obligation to police VPNs remains murky. So, while SB 73 isn’t as extreme as the discarded Wisconsin proposal, it remains a dangerous precedent.”

And, of course, it wouldn’t be a discussion of an age-verification law if someone didn’t point out the (obvious) privacy implications underlying it all. As one resident of the state put it in a recently published letter to the Salt Lake Tribune, “SB73 pushes adults toward handing over identifying information just to access legal online material. That creates real privacy risks.”

“Once identification systems are built, the information can be stored, breached, misused or demanded for other purposes later,” the letter’s author added. “Utah lawmakers may call this child protection, but it looks a lot more like another government-approved tracking system.”

Twisting the rhetorical knife a bit further, the letter adds that “Utah has a bad habit of passing laws that sound moral in a committee hearing but become a technical and constitutional mess in the real world” and “SB73 fits that pattern.”

“Protecting children matters. But turning every adult internet user into a walking ID check is not protection,” the letter concludes. “It is surveillance with a family-values bumper sticker.”

Couldn’t have said it better myself.

Read More »

NICOSIA, Cyprus — Aylo announced Tuesday that Pornhub access has been restored in the United Kingdom for Apple users who complete Apple’s age-verification process through iOS devices.

The company said the change follows Apple’s rollout of device-based age verification in the U.K. through iOS 26.4.

In a statement, Aylo Vice President of Brand and Community Alex Kekesi said, “For years, Aylo has advocated for device-based age verification as the most effective and privacy-protecting approach to help prevent minors from accessing age-inappropriate content online. With the release of iOS 26.4, Apple has introduced the world’s first-ever device-based age verification solution for its users in the U.K., a major first step toward a global solution that stands to better protect children everywhere. As a result, today Aylo welcomes eligible age-confirmed U.K. iOS users back to Pornhub.”

Aylo had previously implemented age-assurance measures in the U.K. to comply with requirements under the Online Safety Act. In February 2026, however, the company began restricting access to its free video-sharing platforms in the country unless users had existing accounts, citing concerns about what it described as flaws in the law’s verification framework.

Following Apple’s March release of iOS 26.4, the company introduced account-level age verification for U.K. users. Aylo said the system represents “one of the strongest and hardest to circumvent protections currently available for helping prevent minors from accessing age-inappropriate content.”

During a press conference Tuesday, Ethical Capital Partners partner Solomon Friedman said the ownership group behind Aylo welcomed Apple’s implementation of device-based age assurance across the U.K., while Kekesi described the rollout as “a huge step.”

“We believe this is the path forward,” Kekesi said, adding that the company hopes similar systems will eventually expand to other operating systems and additional international markets.

Aylo has previously blocked access to its sites in several U.S. states with age-verification laws, along with France and Australia. Kekesi said the restoration of access in the U.K. marks the first time the company has resumed operations in a market after suspending access over verification concerns.

“This is the first time we are effectively coming back to a market because we have a solution that in our view permits us to do that in the safest way possible,” she said. “This is a really exciting day.”

Kekesi said the verification process takes place within Apple’s ecosystem, eliminating the need for users to complete additional verification steps directly on the site.

“It offers a much more seamless experience to the user,” Kekesi said.

Friedman said Aylo views that process as important because users often migrate to sites that do not comply with verification requirements when verification systems become cumbersome.

“Right now, when you Google ‘free porn’ from the U.K., half the results Google and Bing return are sites that are noncompliant,” Friedman said.

Friedman also said Apple’s system satisfies the company’s standards for effective age assurance because it does not require users to provide personal information directly to websites and is more difficult to bypass than many existing platform-based systems.

“Apple’s got it right,” Friedman said.

Ethical Capital Partners partner Sarah Bain said the restored access currently applies only to Pornhub and not to other Aylo-owned platforms including YouPorn and Redtube.

“Aylo is rolling this out in a measured way,” Bain said.

Read More »

RALEIGH, N.C. — A proposal moving through the North Carolina legislature would place a new 10% tax on certain adult materials sold at brick-and-mortar stores across the state.

Filed last week by three state senators, SB 1007 would create what it calls a “harmful materials tax” on visual content considered “prurient” and harmful to minors when sold in any physical retail setting.

The bill defines those materials as “pictures, drawings, video recordings, films or other visual or physical depictions or representations, including digital or computer-generated visual depictions or representations created, adapted, or modified by technological means, such as algorithms or artificial intelligence, but not material consisting entirely of written words.”

Under the proposal, the 10% tax would apply to gross receipts from the sale of such material. The language does not distinguish between adult-only businesses and general retailers, meaning any store offering adult videos, magazines, or similar visual content that meets the definition could fall under the tax.

That definition reads: “Any material or performance that depicts sexually explicit nudity or sexual activity and that, taken as a whole, has the following characteristics: a. The average adult person applying contemporary community standards would find that the material or performance has a predominant tendency to appeal to a prurient interest of minors in sex; and b. The average adult person applying contemporary community standards would find that the depiction of sexually explicit nudity or sexual activity in the material or performance is patently offensive to prevailing standards in the adult community concerning what is suitable for minors; and c. The material or performance lacks serious literary, artistic, political, or scientific value for minors.”

North Carolina has enacted several measures related to adult content in recent years. In 2025, lawmakers overrode a gubernatorial veto to pass the Prevent Sexual Exploitation of Women and Minors Act. The law requires age and consent verification for performers beyond federal record-keeping standards under Section 2257, mandates written consent for each sexual act depicted, and requires separate consent for distribution. It also requires platforms to remove content if a performer withdraws consent at any time, regardless of prior agreements.

Elsewhere, lawmakers have pursued a range of taxes and regulatory measures affecting adult content.

Utah and Alabama have adopted excise taxes on adult sites, while proposals in Virginia and Pennsylvania would introduce similar policies. In January, the U.S. Supreme Court declined to review a lower court ruling that allowed enforcement of a 2001 zoning law aimed at limiting the locations of adult retail stores in New York City.

In Tennessee, a separate bill would require adult businesses, including stores and theaters, to post warnings stating that patrons “may be contributing” to sexual assault and human trafficking. The measure is expected to be sent to the governor.

SB 1007 has been referred to the North Carolina Senate Rules and Operations Committee.

Read More »

Utah’s Senate Bill 73 will take effect May 6, adding new requirements to the state’s age verification law. Websites covered by the law will be prohibited from explaining how VPNs can be used to bypass age restrictions. They will also be responsible for enforcing age verification for users physically located in Utah, even when a user’s virtual location appears to be outside the state.

The provisions are framed as updates to Utah’s existing age verification law, but they could have broader legal and technical implications. One provision bars covered businesses from discussing VPN workarounds on their websites, a restriction that could face First Amendment challenges.

The location-enforcement provision has raised concerns among online freedom advocates. A VPN can make a user appear to be accessing a website from another state or country. Under the law, if an underage Utah resident uses a VPN to appear outside Utah and gains access to restricted material, the website could face liability.

The law leaves affected online businesses with limited options. One option would be to require age verification for all users, regardless of location, which would affect every visitor to the site and could reduce traffic or revenue.

Another option would be to attempt to block VPN traffic. That approach can be technically difficult because VPN traffic can be made to resemble ordinary web traffic. Websites often rely on blocking IP addresses associated with VPN services, but VPN providers can add new addresses.

Blocking VPN use also raises broader rights concerns. In many countries, VPN access is associated with privacy and free expression protections. Utah’s law places new pressure on websites to determine a user’s physical location in a way that may be difficult to enforce without broader restrictions on privacy tools.

So far, states have largely avoided outright VPN bans. A proposal to ban VPNs in Wisconsin failed after similar concerns were raised. Utah’s law does not impose a total VPN ban, but legal challenges to the measure and similar age verification laws are expected in the weeks and months ahead.

Read More »