countries.htm

<!DOCTYPE html>
<html lang="en">
<head>
<title>Digital Freedom across the World</title>
<meta name="darkreader-lock">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8">
<meta name="keywords" content="technology, operating systems, Linux distributions, Android ROMs, desktop environments, web browsers, instant messengers, cloud services, privacy, digital freedom, payments, cryptocurrencies, productivity software">
<meta name="author" content="Alphonse Eylenburg">
<link rel="stylesheet" href="style.css">
<style>
:root {
--legendwidth: 200px;
--columnwidth: 155px;
}

table {
width: calc(var(--legendwidth) + 11 * var(--columnwidth));
}

/* Make all details content smaller, except summary */
details {
  font-size: smaller;
}

/* Restore the summary (and everything inside it) to normal size */
details > summary {
  font-size: small; /* this is the size specified for table.comparison in style.css */
  hyphens: none; /* looks better when countries are in rows rather than columns */
}

span.country {
  font-size: 150%;
  font-weight: bold;
}

span.update {
  font-style: italic;
  font-size: 80%;
}

span.flag {
  font-size: 200%;
  float: right;
  margin-right: 10px;
}

span.law {
  font-style: italic;
  font-family: serif;
  font-weight: normal;
}
</style>
</head>
<body>

<script src="top.js"></script>
<header>
<p><a href="index.html">&larr; Sitemap</a></p>
</header>


<h1>Digital Freedom across the World - Country Comparison</h1>
<p>I'm aware that this is probably going to be the most controversial article on this site and I deliberately want it to be the most polemic one. Some misguided individuals may insist that encryption is bad because it's just used by criminals and nonces and if you have nothing to hide you have nothing to fear, that we can't protect children from harm unless VPNs are banned, that courts ordering websites to be blocked is okay because - for now - it's mostly just affecting pirate sites plundering from starving Hollywood execs, or that freedom of speech doesn't mean freedom from consequences and doubleplusungood ideas are threatening our democracy or something.<br /><br />

The aim of this piece is to see what restrictions and freedoms for the Internet and computing in general are in place across the world. Besides just being an interesting study, there's also real-world utility: Where can you host a website without disclosing your name and address? What country should you select for your VPN server? In which country will you not need to worry about the police kicking in your front door at 4 am because they didn't like a joke you made on social media?<br /><br />

What this is <em>not</em> is a general comparison of a country's freedom. I'm not looking at the freedom of press, at the election system, or at how libertarian a country is when it comes to guns, sex, or tax. This is purely a look at the digital realm.<br /><br />

I am comparing a carefully selected list of only a few countries; it would be great to compare all ~200 countries of the world but it is an impossible task. I have included the G7 countries (US, Canada, UK, Germany, France, Italy, Japan) and the BRIC countries (Brazil, Russia, India, China) and also Australia in order to honour them for being the first Western country to stop pretending they care about privacy or freedom. I also added Switzerland, Norway, and Iceland because they are European countries the EU and always come up in all those lists of what the best countries for privacy and VPNs are, as well as all those "most democratic and free countries" lists - so let's put them to the test.<br /><br />

Of course, there's many more countries in the world and many of them are lauded for their freedoms and protections from government overreach, for example I've heard good things about the Netherlands, Norway, Estonia, and Panama. But it's impossible to diligently compare all countries and there is no clear indication that I'm really missing out a hidden champion - a brief research shows that they all have some restrictions in this or that category. A final thought: for now, you might be able to find lots of freedom in a poor country with low Internet penetration where the government has better things to do than policing the web or isn't able to comprehensively enforce its laws. Why not host your VPS in Papua New Guinea, Transnistria, or Somaliland?</p>


<details><summary><strong>Disclaimer regarding free speech</strong></summary>
<p>To avoid misunderstandings, I would like to clarify that while I personally do not endorse any form of e.g. hate speech or discrimination, I believe in the principle that most speech and opinions should be legal, including speech that may be considered offensive or bigoted. Such speech should be countered with more speech and with dialogue, rather than through government censorship or legal penalties. I believe that government punishment of certain speech is ultimately damaging to democratic discourse, as hate speech laws tend to be very vague and can therefore potentially be misused by authoritarian governments to suppress dissent and limit free expression.
<br /><br />
To give some more examples:</p>
<ul>
	<li>I strongly disagree with discriminating or otherwise judging people based on their innate or immutable characteristics, such as ethnicity, sex, disability etc. However, I don't believe it should be the government's business to prosecute people for such speech, especially if the laws are worded very vaguely or if courts apply them unevenly and unpredictably. If even jokes or 'likes' on social media can potentially result in punishment, it means the only way to be safe from prosecution is to be quiet, and I believe that this will lead to self-censorship and fear of accidentally saying something that could be illegal, which ultimately harms democracy.</li>
	<li>I don't think it's good to insult people's religious feelings, but I am opposed to the idea that religions should have privileged protections and that criticising religions should be something that can be <a href="https://en.wikipedia.org/wiki/E.S._v._Austria_(2018)" target="_blank">potentially illegal</a>.</li>
	<li>I don't deny that the Holocaust happened, but I find it odd how some countries have specifically banned its denial, while at the same time it's often legal to deny other genocides. I think it can actually have the opposite effect, with people starting to wonder "why can't I say this? they must be hiding something!" In general, I disagree with laws that ban fringe theories on history - imagine if it was illegal to deny the moon landing or the Berlin wall or that something notable happened in 1989 on a big square in China's Northern Capital? These things are easy to prove and there is no need to jail people for saying things that can be easily countered with arguments.</li>
	<li>I don't think insulting people is good, but I don't think it should be illegal, and I especially don't think that politicians or the head of state should be privileged in that regard; especially if it's not clearly defined what actually constitutes an insult<!-- and when even <a href="https://weltwoche.ch/daily/deutsche-staatsanwaltschaft-jagt-blogger-der-vorwurf-er-habe-ricarda-lang-chefin-der-deutschen-gruenen-als-dick-bezeichnet-nun-wurde-ihm-auch-das-bankkonto-gesperrt/" target="_blank">calling a politician "fat"</a> can potentially get you in trouble-->. Likewise, I think misgendering people on purpose is mean and offensive, but I don't believe that it is something the government should get involved in (e.g. German Selbstbestimmungsgesetz providing for a penalty of up to €10,000).</li>
</ul>
<p>In summary, I believe that speech is either entirely free or not at all; once exceptions are introduced, even with good intentions, free speech ceases to exist. I also believe that free speech is a good thing and that a democratic and open society cannot exist without it, even if is sometimes leads to discomfort or offense.</p>
</details>


<h2 class="center">Digital Freedom across the World - Country Comparison</h2>
<p class="center">Source: eylenburg.github.io</p>
<p class="center" style="color: red; font-size: small;">Last updated: 11 March 2026</p>
<p style="font-size: 75%; font-style: italic;"> This table is best viewed on a monitor with 1920px width (Full HD) with 100% display scaling.</p>


<div>
    <label style="font-size: 130%;"><input type="checkbox" id="expandCheckbox">Expand detail for all</label>
</div>

<p>Click on the "&#9654;" symbol to read more</p>

<table class="comparison">
<colgroup>
<col style="text-align: left; white-space: nowrap; padding-right: 5px; width: var(--legendwidth);"> <!-- legend -->
<col style="border-left: double; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
</colgroup>

<thead>
<tr style="height: 1px; display: none;">
<td style="width: var(--legendwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
</tr>

<tr>
<th id="tableheader"></th>
<th><strong>Legal restrictions of free speech online</strong><br />
  <details><summary><span style="font-weight: normal;" class="smaller">Explanation</span></summary><br /><span style="font-weight: normal;">Not counting as "speech" in this context are: pornography, copyright infringement, defamation, fraud, and inciting imminent targeted violence.<br /><br />Vague laws without clear definitions of which expressions and opinions are illegal automatically result in "red".</span></details>
</th>
<th><strong>Internet censorship</strong><br /><span class="smaller">(direct or indirect)</span><br />
  <details><summary><span style="font-weight: normal;" class="smaller">Explanation</span></summary><br /><span style="font-weight: normal;">Direct censorship would be for example the government ordering ISPs to block certain websites, while indirect censorship can include pressuring third parties to censor without a court order, e.g. government fining social media companies which don't remove enough "harmful" material.</span></details>
</th>
<th><strong>Encryption bans<a href="#statetrojan">*</a></strong><br /><span class="smaller">(incl. government backdoors or client-side scanning)</span></th>
<th><strong>Ban of anonymous VPNs, Tor, or I2P</strong></th>
<th><strong>Mandatory Online ID</strong><br /><span class="smaller">(incl. age verification or imprint obligations)</span></th>
<th><strong>Key disclosure laws<a href="#statetrojan">*</a></strong><br /><span class="smaller">(obligation to decrypt data or disclose passwords)</span></th>
<th><strong>Ban of anonymous digital payments</strong><br /><span class="smaller">(e.g. Monero)</span></th>
<th><strong>Mandatory non-targeted metadata retention</strong><br /><span class="smaller">(for Internet &amp; telecom data)</span></th>
<th><strong>Mandatory registration for SIM cards</strong></th>
<th><strong>No platform-agnostic Digital ID or e-Gov auth</strong><br />  <details><summary><span style="font-weight: normal;" class="smaller">Explanation</span></summary><br /><span style="font-weight: normal;">Ideally, these digital services - including all digitally available high-trust actions - should be compatible with all computing platforms and not require anyone to use a specific operating system or device. Specifically, it should (a) not be smartphone-dependent, (b) not require a proprietary operating system, and (c) not require a Google, Apple, or Microsoft account.</span></details>
<th><strong>No "fair use" of copyrighted material</strong></th>
</th>
</tr>

</thead>

<tbody>

<tr>
<td><span class="country">U.S.</span> <span class="flag">&#127482;&#127480;</span><br /><span class="update">Last updated: 2026.03.06</span></td>
<td class="lgreen"><details><summary><strong>Very few, but proposed</strong></summary>The First Amendment provides broad protection. The main unprotected categories are: <strong>obscenity</strong> (failing the Miller test), <strong>fraud</strong>, <strong>child pornography</strong>, <strong>incitement to imminent lawless action</strong> (Brandenburg test), <strong>true threats</strong>, <strong>fighting words</strong>, and <strong>perjury</strong>. Hate speech is generally protected unless it constitutes true threats or incitement. Defamation requires proof of falsity and, for public figures, actual malice.<br /> <span class="blue">The <span class="law">STOP HATE Act</span> (proposed 2025) would ban 'hate speech', antisemitism, and 'disinformation'.</span></details></td>
<td class="yellow"><details><summary><strong>Indirect &amp; proposed</strong> </summary><span class="blue">The <strong><a href="https://reclaimthenet.org/the-algorithm-accountability-acts-threat-to-free-speech" target="_blank"><span class="law">Algorithm Accountability Act</span></a></strong> (proposed) would hold social media platforms liable for algorithmically distributed content, incentivising over-moderation. Similarly, the <strong><a href="https://reclaimthenet.org/bipartisan-bill-seeks-to-repeal-section-230-endangering-online-free-speech" target="_blank"><span class="law">Sunset Section 230 Act</span></a></strong> (proposed) would make platforms liable for user content, forcing more restrictive moderation. The <strong><span class="law">Block BEARD Act</span></strong> (proposed 2025) would force ISPs to block piracy websites.</span><br />Indirect censorship is possible already:<br />- The government has <strong>pressured social media platforms</strong> to remove content under the pretext of fighting misinformation and hate speech.<br />- High-profile cases such as WikiLeaks, SamouraiWallet and The Pirate Bay involve <strong>domain seizures</strong> framed as law enforcement actions against crime, which are considered legal despite First Amendment concerns.<br />- <strong><span class="law">TAKE IT DOWN Act</span></strong>: Aimed at combating non-consensual sharing of intimate images, this act could enable censorship by allowing platforms to <strong>remove content based solely on complaints</strong>, without proof of harm or an appeals process.<br />- <strong><span class="law">PAFACA</span></strong>: Commonly known as the "TikTok ban", targeting apps or websites owned by foreign entities. Proponents argue it is not censorship because a new (American) owner of TikTok would still be allowed to circulate the same content.<br />- <span class="law">Stop Hiding Hate Act</span> (New York): Forces social media platforms to report 'hate speech' incidents; while no fines for retaining legal content are imposed, it may coerce platforms into more aggressive moderation practices.</details></td>
<td class="green"><details><summary><strong>No bans</strong></summary>Though such laws are regularly proposed, they have so far all failed, e.g. the <span class="law">EARN IT Act</span>, <span class="law">Lawful Access to Encrypted Data Act</span>, and Florida's <span class="law">Social Media Use by Minors bill</span> (HB 744/SB 868).</details></td>
<td class="green" style="background: repeating-linear-gradient(135deg, #E7F2DD, #E7F2DD 10px, #CEE6BB 10px, #CEE6BB 20px);"><details><summary><strong>No, but proposed VPN bans in some states</strong></summary> <span style="background-color: aliceblue; display: block; width: 100%;">Some US states have <a href="https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing" target="_blank">proposed VPN bans or restrictions</a>, but no laws have passed yet.</span></details></td>
<td class="lred" style="background: repeating-linear-gradient(135deg, #EBC1AD, #EBC1AD 10px, #E7F2DD 10px, #E7F2DD 20px);"><details><summary><strong>Age verification in some states</strong></summary> <span style="background-color: #F5E0D6; display: block; width: 100%;"><strong>Age verification laws for websites and/or social media</strong> are in place in <a href="https://action.freespeechcoalition.com/age-verification-resources/state-avs-laws/" target="_blank">about half of US states</a>, but not at a federal level. <span class="blue">The <strong><span class="law">Kids Online Safety Act</span></strong> (proposed 2025) and <strong><span class="law">SCREEN Act</span></strong> (proposed 2025) aim to implement restrictions federally. The proposed <strong><span class="law">Kids Off Social Media Act</span></strong> would bar under-13s from social media, requiring adults to verify their age.</span></span> <span style="background-color: #F5E0D6; display: block; width: 100%;"><span class="law">App Store Accountability Acts</span> in Texas, Utah, Louisiana and other states <strong>require app stores and developers to implement age verification</strong>; Apple and Google say compliance requires collecting personally identifiable data.</span> <span class="yellow" style="display: block; width: 100%;"><span class="law">California's Digital Age Assurance Act</span> <strong>forces operating systems, device makers, and app stores to send age-related signals</strong> to apps, starting in 2027. App developers are required to modify their apps to request the age signal from the OS and honour it. For now, the age signal does not require ID checks and device admins can <strong>self-declare</strong> the ages for user accounts. <span class="blue">Similar laws are proposed in Colorado (<span class="law">Colorado SB26-051</span>) and Illinois (<span class="law">Illinois SB3977</span>). A more extreme law (<span class="law">New York Senate Bill S8102A</span>) is proposed in New York; it would require actual age verification (not just self-declaration) for all Internet-enabled hardware, operating systems, and app stores, in order to send an age signal to all apps and websites.</span></span></details></td>
<td class="lred"><details><summary><strong>Passwords no, biometrics yes</strong></summary>Passwords are protected by the Fifth Amendment and cannot be compelled. For biometric unlocking, courts have generally allowed police to <strong>compel biometric unlocks</strong> (e.g. forcing a suspect's finger onto a phone or holding a device to their face), as established in cases like <em>United States v. Dionisio</em> (1973) and subsequent rulings.</details></td>
<td class="yellow"><details><summary><strong>No bans, but devs punished</strong></summary>There is no ban on anonymous payment methods such as Monero, but <strong>developers of privacy-preserving cryptocurrency software have been prosecuted</strong> under anti-money laundering laws, e.g. <em>US v. Storm</em> and <em>US v. Rodriguez</em>, targeting the developers of Tornado Cash (a privacy protocol that mixes cryptocurrency transactions to obscure their origin).</details></td>
<td class="green"><details><summary><strong>None</strong></summary>No comprehensive federal requirement for ISPs to retain connection logs or metadata for all users; any retention is voluntary, though proposals have existed (e.g. <span class="law">SAFETY Act</span> 2009). The <span class="law">CLOUD Act</span> requires US-based providers to hand over data stored overseas on request, but does not mandate retaining data they would not otherwise keep. <span class="law">PRISM</span> is an NSA intelligence program enabling collection of internet communications from US-based tech companies (allowing for the compelled disclosure of content or metadata held by providers when targeted at non-US persons outside the US), but is not a data retention law.</details></td>
<td class="green"><strong>No</strong></td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Government services such as Login.gov or ID.me support <strong>browser-based login with password + OTP</strong> (via SMS, email, or authenticator app), and no Android/iOS smartphone is mandatory for access or authentication.</details></td>
<td class="yellow"><details><summary><strong>Fair Use, but DMCA misuse</strong></summary>Broad, flexible exceptions allowing various uses (commentary, criticism, news reporting, teaching, scholarship, research) based on four fairness factors (purpose, nature, amount, market impact). However, the <span class="law">Digital Millennium Copyright Act (DMCA)</span> has been misused for censorship and takedowns of legal content, as content must be removed quickly and without proving actual copyright infringement.</details></td>
</tr>

<tr>
<td><span class="country">Canada</span> <span class="flag">&#127464;&#127462;</span><br /><span class="update">Last updated: 2025.11.21</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary>Mostly relating to vaguely defined <strong>'hate speech'</strong> and <strong>Holocaust denial</strong> under <span class="law">Criminal Code §318 &amp; §319</span>.<br /><span class="blue">Proposed <span class="law">Bill C-9</span> (2025) would also ban Nazi and Hamas symbols and widen the definition of 'hate speech', particularly for anti-religious offences.</span><br /><span class="smaller">(+ failed laws like <span class="law">Bill C-36</span> (failed 2021) or <span class="law">Bill C-63</span> (failed 2025, which would have introduced a maximum penalty of life imprisonment for hate crime offences including non-violent 'hate propaganda'))</span></details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary>ISPs have been ordered to block websites associated with <strong>copyright infringement</strong>, though major sites like Anna's Archive and The Pirate Bay remain available. Critics also worry that the <span class="law">Online Streaming Act</span> enables state control over what Canadians see online: it extends the CRTC's regulatory authority to online platforms (YouTube, Netflix, Spotify etc.), requiring them to promote Canadian content, with critics warning of algorithm manipulation and government overreach.</details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary><span class="blue"><span class="law">Bill C-26</span>, focused on cybersecurity and expanded surveillance powers, passed Parliament and reached Senate review in June 2024. The Senate found technical flaws and amended it, sending it back to the House of Commons. As of July 2025, it has not yet become law.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary><span class="blue"><span class="law">Bill S-209</span>, aimed at mandatory age verification for access to online adult content, returned to the Senate for first reading in May 2025. Debate continues with a focus on privacy and implementation challenges. The bill has not yet been enacted.</span></details></td>
<td class="green"><strong>None</strong></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary>Monero has been delisted from most Canadian-accessible CEX due to KYC regulations, though it is not banned per se. Additionally, Trudeau's <span class="law">Emergencies Act</span> was invoked to temporarily restrict cryptocurrency transactions (including Monero) to disrupt funding for the Freedom Convoy protests, but this did not constitute an outright ban.</details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No</strong></td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Government services such as GCKey or Sign-In Partner support <strong>browser-based login with password + OTP</strong> (via SMS, email, or authenticator app), and no Android/iOS smartphone is mandatory for access or authentication.</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Use permitted only if it falls into prescribed categories (e.g., research, private study, criticism, review, news reporting, education, parody, satire). More restrictive than US.</details></td>
</tr>


<tr>
<td><span class="country">Australia</span> <span class="flag">&#127462;&#127482;</span><br /><span class="update">Last updated: 2026.03.11</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Mostly relating to vaguely defined <strong>'hate speech'</strong> and <strong>display of National Socialist symbols</strong>, under the <span class="law">Racial Discrimination Act 1975</span> and the <span class="tooltip"><span class="law">Criminal Code Amendment (Hate Crimes) Bill 2025</span><span class="tooltiptext">"The laws at both federal and NSW levels aim to curb hate-fueled violence, particularly against Jewish Australians. They criminalize advocating force or violence against protected groups, toughen penalties for Nazi-related symbolism, and even impose mandatory minimum sentences for some offenses.<br /><br />The new laws stretched the rules in ways that might make civil liberties advocates nervous. Previously, to be charged with urging violence against a group, prosecutors had to prove intent. Now? Recklessness will do. This means you don't have to actually intend for violence to happen — just failing to consider the possibility could land you in serious trouble.<br /><br />The law also takes a broad approach to Nazi symbolism. Displaying a swastika was already illegal in some contexts, but now similar prohibitions apply to a range of extremist symbols, with penalties jumping from one year in prison to five. And if you're caught making a "Nazi salute?" Enjoy your 12-month mandatory minimum sentence." - <a href="https://reclaimthenet.org/sydney-terror-hoax-hate-crime-laws-overreach" target="_blank" style="color: white;">Reclaim The Net</a></span></span>. The <span class="law">Combatting Antisemitism, Hate and Extremism Bill 2026</span>, passed in 01/26, <span class="tooltip">significantly restricts speech in ways that are <a href="https://reclaimthenet.org/australia-passes-new-hate-speech-law" target="_blank">dangerous and unusual</a>.<span class="tooltiptext">It criminalizes public conduct or expression (including online) if it would cause a 'reasonable person' to feel intimidated or harassed, without requiring proof of actual harm, real victims, or incitement to violence. The law shifts the burden of proof onto the accused for certain offenses (like displaying prohibited hate symbols), forcing them to justify exemptions. Furthermore it empowers the government to blacklist so-called hate groups based on executive discretion, and (even retroactively) punishes mere association, membership, or support with up to 15 years in prison. This goes far beyond typical hate speech laws in other countries, which usually demand intent to incite hatred or violence and include stronger safeguards for political, academic, or journalistic expression, making this bill exceptionally broad, subjective, and restricting free speech.</span></span></details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary>The Australian Communications and Media Authority enforces content restrictions on Australian-hosted Internet content and maintains a <strong>blocklist of websites</strong>. The eSafety Commission can <strong>order removal of 'harmful' content</strong> and block websites, which has included archive.org and specific videos on platforms like X <a href="https://reclaimthenet.org/bishop-mar-mari-emmanuel-returns" target="_blank">[1]</a>, <a href="https://reclaimthenet.org/australia-threatens-x-fines-over-zarutska-video" target="_blank">[2]</a>. ISPs have also been ordered to block websites for <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay). The <span class="law">Online Safety Act</span> requires age verification for accessing potentially 'harmful' content, creating further indirect censorship.</details></td>
<td class="red"><details><summary><strong>Yes (backdoor on demand)</strong></summary>The <span class="law">Assistance and Access Act 2018</span> allows intelligence and police agencies to compel technology companies to <strong>build in backdoor access</strong>. For example, the government demanded that Signal create a backdoor, which it has so far refused.</details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary> Social media firms are expected per eSafety guidance to block VPNs as they can be used to bypass Australia’s under-16 ban. In practice, platforms may have to blacklist VPN-associated IPs because they can't prove a VPN user isn't an Australian under 16. Alternatively, they would need to cross-check an account's historical IPs and collected location data in order to detect and block VPN use for Australians only.</details></td>
<td class="red"><details><summary><strong>Age verification</strong></summary>The <span class="law">Online Safety Bill 2024</span> mandates <strong>age verification for websites, apps and social media</strong>. Originally, it was limited to age verification for using social media and adult websites, but the requirements have since been extended to app stores, online games, YouTube and search engines like Google and Bing. Since 2026, Apple requires age verification to <strong>install age-restricted apps</strong> on iOS. </details></td>
<td class="red"><details><summary><strong>Yes</strong></summary>The <span class="law">Cybercrime Act 2001</span> grants police (with a magistrate's order) the power to require "a specified person to provide any information or assistance that is reasonable and necessary" to access evidential computer data, understood to include <strong>mandatory decryption</strong>. Failure to comply carries a penalty of 6 months' imprisonment.</details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Australian users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="red"><details><summary><strong>Yes (24 months)</strong></summary>The <span class="law">Data Retention Act 2015</span> requires retention of ISP metadata (IPs, connection logs, browsing history), email and telephony metadata (including mobile phone locations) for 2 years.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="red"><details><summary><strong>Limited support</strong>, iOS/Android/AOSP required</summary>For certain government tasks requiring strong authentication (e.g. ATO linkage, DIN), you either need the <strong>myID app on an Android/iOS smartphone</strong> or must handle the process in person. For now, the myID app (not to be confused with the myGov app, which enforces Play Integrity checks and is not required for authentication) seems to work on non-stock Android such as LineageOS or GrapheneOS, though it is only available on the Play Store - requiring a Google account (a possible workaround is using Aurora Store, though this is unsupported).</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Only allowed for specified purposes such as research, criticism, review, news reporting, parody/satire, professional advice, or education. Additional exceptions are very situation-specific and narrowly crafted.</details></td>
</tr>


<tr>
<td><span class="country">U.K.</span> <span class="flag">&#127468;&#127463;</span><br /><span class="update">Last updated: 2026.03.04</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Illegal speech includes vaguely defined <strong>'hate speech'</strong>, <strong>anti-immigration speech</strong> (in 2025 the government deployed a social media surveillance unit to monitor such posts), <strong>speech likely to cause 'distress'</strong>, <strong>'indecent' or 'offensive' speech</strong>, <strong>'false' or 'misleading' information</strong>, <strong>obscenity</strong>, <strong>insults</strong>, <strong>advocating against the monarchy</strong> (treason laws prohibit advocating the abolition of the monarchy or imagining the death of the monarch), <span class="tooltip"><strong>blaspheming Islam</strong><span class="tooltiptext"><a href="https://www.spectator.co.uk/article/england-now-has-a-blasphemy-law/" target="_blank" style="color: white;">"England now has a blasphemy law" - The Spectator</a> - There is no official blasphemy law criminalizing criticism of Islam or Muslims. However, concerns have grown over recent prosecutions for actions deemed offensive to Islam (e.g., Quran burning) under existing public order and hate crime laws. Multiple high-profile cases and political discussions suggest a de facto return to blasphemy law principles via prosecution tactics, but no explicit blasphemy legislation has been passed as of July 2025.<br /><br />Furthermore, anti-Islam activists such as Ryan Williams and Tommy Robinson have been asked by police to unlock their phones and charged under Schedule 7 of the <strong>Terrorism Act 2000</strong>.</span></span>, and more (UK defamation laws are among the strictest in the western world, imposing a high burden of proof on defendants). Key laws: <span class="tooltip"><span class="law">Malicious Communications Act 1988</span><span class="tooltiptext">Prohibits sending letters, electronic communications, or articles with the purpose to cause distress or anxiety by conveying messages that are indecent, grossly offensive, or false (known or believed to be false by sender). Covers hate speech that is racially or religiously motivated. Jurisprudence may interpret any pro-White or nationalist sentiments as incitement, even benign expressions like "Love your Nation" or "It's OK to be White" (e.g., in the case of Samuel Melia). Criminalizes any malicious communications in general, including insults. Prison sentences up to 2 years possible.</span></span>, the <span class="law">Hate Crime and Public Order (Scotland) Act</span> (addresses stirring up hatred on grounds of race, religion, and sexual orientation; covers threatening communications and breach of the peace aggravated by hatred), and the <span class="tooltip"><span class="law">Online Safety Act 2023</span> (particularly §179)<span class="tooltiptext">Enforces investigations and regulation of harmful online content, including disinformation. Section 179 establishes offence of false communications.<br /><br />"Section 179 criminalizes knowingly false communications intended to cause 'non-trivial psychological or physical harm.' The wording here is as vague as it is dangerous. What qualifies as 'non-trivial psychological harm'? If the government decides that criticisms of its handling of the grooming gang scandal cause emotional distress to MPs—or, conveniently, to the public—it could label them as harmful misinformation. Knowing the penalties - up to 51 weeks in prison and unlimited fines - citizens may think twice before questioning the government on sensitive issues. And that's the goal: silence through fear."</span></span>. Furthermore, police record <strong>non-crime hate incidents</strong> (NCHIs) which are classified as legal speech but remain on police records and may appear in background checks.</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary>ISPs have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay) and <strong>Russian government propaganda</strong> (e.g. RT). Indirect censorship through the <span class="law">Online Safety Act</span>, which requires <strong>removal of speech that could be illegal</strong> in the UK, as well as age verification for accessing <span class="tooltip">potentially 'harmful' content<span class="tooltiptext">including: Sexually explicit content. Content which encourages, promotes or provides instructions for: suicide, deliberate self-injury, or disordered eating or behaviors associated with an eating disorder. Content which is abusive or incites hatred against people by targeting any of the following characteristics: race, religion, sex, sexual orientation, disability, or gender reassignment. Bullying content. Violent content which: encourages, promotes or provides instructions for an act of serious violence against a person, or depicts real or realistic serious violence against a person, an animal, or a fictional creature, including the graphic depiction of a serious injury. Content which encourages, promotes, or provides instructions for a challenge or stunt highly likely to result in serious injury to the person who does it or to someone else. Content which encourages a person to ingest, inject, inhale, or self-administer a physically harmful substance, or a substance in physically harmful quantity. Content that shames or otherwise stigmatises body types or physical features. Content that promotes or romanticizes depression, hopelessness and despair. Filesharing websites.</span></span>. Many UK-based websites have been forced to close or have blocked UK IPs due to the OSA.</details></td>
<td class="red"><details><summary><strong>Yes (backdoor on demand)</strong></summary>The <span class="law">Investigatory Powers Amendment Act 2024</span> expands government powers to demand access to encrypted communications. The <span class="law">Online Safety Act</span>, particularly Clause 122, allows Ofcom to compel companies to <strong>break end-to-end encryption</strong>, enabling mass surveillance - this has already been used against Apple, forcing them to stop offering iCloud E2EE in the UK. Since 2026, the OSA authorises Ofcom to require online platforms to deploy <strong>automated client-side scanning</strong> of user messages, images, and videos before encryption applies.</details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary>Advertising VPNs as a means to bypass content restrictions can be illegal under the <span class="law">Online Safety Act</span>. <span class="blue">The House of Lords <a href="https://reclaimthenet.org/uk-lawmakers-propose-mandatory-on-device-surveillance-and-vpn-age-verification" target="_blank">proposed</a> in 12/25 (<span class="law">HL Bill 135</span>) mandatory age verification for VPN users. The Starmer government is also looking into banning VPNs for minors.</span></details></td>
<td class="red"><details><summary><strong>Age verification &amp; imprint obligation</strong></summary>The <span class="law">Online Safety Act 2023</span> requires <strong>age verification for websites and apps</strong> for a variety of <span class="tooltip">potentially 'harmful' content<span class="tooltiptext">Sexually explicit content. Content which encourages, promotes or provides instructions for: suicide, deliberate self-injury, or disordered eating or behaviors associated with an eating disorder. Content which is abusive or incites hatred against people by targeting any of the following characteristics: race, religion, sex, sexual orientation, disability, or gender reassignment. Bullying content. Violent content which: encourages, promotes or provides instructions for an act of serious violence against a person, or depicts real or realistic serious violence against a person, an animal, or a fictional creature, including the graphic depiction of a serious injury. Content which encourages, promotes, or provides instructions for a challenge or stunt highly likely to result in serious injury to the person who does it or to someone else. Content which encourages a person to ingest, inject, inhale, or self-administer a physically harmful substance, or a substance in physically harmful quantity. Content that shames or otherwise stigmatises body types or physical features. Content that promotes or romanticizes depression, hopelessness and despair.</span></span> (not limited to sexually explicit content). <!-- As a reaction, Apple has begun requiring age verification / user identification to <a href="https://www.theverge.com/tech/884306/apple-age-verification-uk-users-ios-26-4-beta" target="_blank">download apps on iOS</a>. --><span class="blue">As of 12/25, the government wants to 'encourage' Google and Apple to implement <a href="https://reclaimthenet.org/uk-demands-nude-image-blocking-on-devices" target="_blank">mandatory client-side AI scanning of photos and videos</a> on all smartphones, blocking nudity unless the user has verified their age. The House of Lords <a href="https://reclaimthenet.org/uk-lawmakers-propose-mandatory-on-device-surveillance-and-vpn-age-verification" target="_blank">proposed</a> (<span class="law">HL Bill 135</span>) banning all users from social media unless age-verified as 16+.</span> The <span class="law">Electronic Commerce (EC Directive) Regulations 2002</span> impose <strong>imprint obligations for websites</strong>, including non-commercial websites with small commercial elements such as advertising banners.</details></td>
<td class="red"><details><summary><strong>Yes</strong></summary>The <span class="law">Regulation of Investigatory Powers Act 2000</span> <strong>compels disclosure of encryption keys or decryption of encrypted data</strong>. Refusal carries a maximum sentence of 2 years' imprisonment, or 5 years in cases involving national security or child indecency.</details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for British users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary>The <span class="law">Investigatory Powers Act 2016</span> requires retention of ISP metadata (IPs, connection logs, browsing history), email and telephony metadata (including mobile phone locations) for 1 year.</details></td>
<td class="green"><strong>No</strong></td>
<td class="dred"><details><summary><strong>May need Google or Apple account &amp; device</strong></summary>Government services such as GOV.UK One Login, HMRC, and NHS support <strong>browser-based login with password + OTP</strong> (via SMS or authenticator app), so a smartphone is not required for normal sign-in. However, to verify your identity or register a new company, you need the <strong>GOV.UK One Login Android/iOS app</strong>, or alternatively you can <a href="https://www.gov.uk/using-your-gov-uk-one-login/proving-your-identity" target="_blank">verify your identity in person at a post office, or answer security questions online</a> (dependent on Experian credit-reference data, which may not work with a sparse credit history or no UK bank account). The <strong>Android app <a href="https://github.com/alphagov/govuk-mobile-android-app/issues/342" target="_blank">uses Play Integrity</a> and is only available from Google Play</strong>, requiring a Google account and stock Android (incompatible with GrapheneOS or LineageOS). <span class="blue">The government is also planning a <strong>digital ID scheme</strong> ("Brit Card") for all citizens, which will most likely <strong>require an Android/iOS app</strong> with yet to be determined alternatives for those without a smartphone.</span></details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Permitted uses limited to research, private study, criticism, review, news reporting, parody, caricature, pastiche, and quotation. Other uses require permission.</details></td>
</tr>

<tr>
<td><span class="country">Germany</span> <span class="flag">&#127466;&#127482;&nbsp;&#127465;&#127466;</span><br /><span class="update">Last updated: 2026.01.16</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Illegal speech includes vaguely defined <strong>'hate speech'</strong> (including "liking" a post, per LG Meiningen, 2022) (<span class="law">Penal Code §130</span>), <strong>insulting religions</strong> (<span class="law">§166</span>), <strong>Holocaust denial</strong> (<span class="law">§130, §189</span>), <strong>insults</strong> (<span class="law">§185</span>), <strong>insulting politicians</strong> (<span class="law">§188</span>, including cases where calling politicians "imbecile", "fat", a "penis", or "Pinocchio" have led to prosecution), <strong>National Socialist symbols and phrases</strong> (<span class="law">§86</span>, which extends beyond obvious symbols like swastikas to phrases such as 'Alles für Deutschland'), <strong>disparagement of the President or state symbols</strong> (<span class="law">§90</span>), <strong>revealing someone's biological sex or birth name</strong> or <strong>misgendering</strong> them (<span class="law">Self-Determination Act</span>, with fines up to &euro;10,000), and more (German defamation laws are also very strict, imposing a high burden of proof on the defendant).</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary>ISPs have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay), <strong>Russian government propaganda</strong> (e.g. RT), and <strong>far-right politics</strong>. The <span class="law">NetzDG</span> requires social media platforms to remove illegal speech within strict timeframes, effectively forcing over-censorship of even legal speech. The EU's <span class="law">Digital Services Act (DSA)</span> creates obligations for 'content moderation' against not just illegal content but also <strong>legal but 'harmful' content</strong> such as 'disinformation' (<a href="https://norberthaering.de/propaganda-zensur/dsa-verfassungsbeschwerde/" target="_blank">including truthful information</a>, as a Berlin court ruled) or 'negative effects on civic discourse or elections', and will also require age verification from many websites. In 12/2025, the EU Commission fined X &euro;120m for spurious 'transparency failures' under the DSA, which <a href="https://reclaimthenet.org/eu-fines-elon-musks-x-140-million-amid-free-speech-clash" target="_blank">has been interpreted</a> as a punishment for not censoring enough.</details></td>
<td class="yellow"><details><summary><strong>Potential backdoors, and proposed</strong></summary><span class="law">eIDAS Art. 45</span>, an EU regulation, can act as a potential backdoor by <strong>obliging browsers to trust government-designated certificate authorities</strong>, technically allowing lawful man-in-the-middle interception of HTTPS traffic. So far, no major browser has implemented Art. 45 QWAC support as envisioned, and open-source and non-EU browsers can largely ignore it.<br /><span class="blue">Various EU proposals aim to ban E2EE or mandate backdoors/client-side scanning, including the <span class="law">ProtectEU strategy</span> (at initial policy stage; no legislation passed, but raising alarm among privacy advocates) and the <span class="law">HLG Recommendations on 'Access to Data for Effective Law Enforcement'</span> (non-binding but informing future legislation). <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><span class="law"><strong>"Chat Control 2.0"</strong></span></a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">was approved by the EU Council on 2025.11.26</a>. The final version made <strong>client-side scanning</strong> 'voluntary', but companies are encouraged to scan private messages for legal certainty, a Commission review in 3 years could make it mandatory for some providers, and national authorities may force 'high-risk' services (including all E2E-encrypted services) to adopt client-side scanning. The EU Parliament still needs to approve it, with a vote expected in H1 2026.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Age verification &amp; imprint obligation</strong></summary> The EU's <span class="law">Digital Services Act (DSA)</span> will require mandatory <strong>age verification for websites and apps</strong> containing 'potentially harmful' content and requires platforms to supply the government with the <strong>identity of online accounts</strong> who are publishing 'harmful' opinions (90% of such requests received by X in 2024 came from Germany). Since 12/2025, an amendment to the <span class="law">Youth Protection Act (JMStV)</span> mandates that content harmful to minors must be restricted to adults, requiring <strong>age verification for websites</strong>. <span class="blue"><a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><span class="law">"Chat Control 2.0"</span></a>, <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">approved by the EU Council on 2025.11.27</a> but not yet voted on by the EU Parliament, would also require <strong>age or ID verification for creating an email or messenger account</strong>. The <a href="https://reclaimthenet.org/eu-parliament-votes-for-mandatory-digital-id-and-age-verification-threatening-online-privacy" target="_blank">EU Parliament on 2025.11.27 approved <span class="law">Report A10-0213/2025</span>, proposing mandatory recurring age verification</a> (every 3 months) for social media, video platforms and AI chatbots - a non-binding resolution but expected to significantly influence national and EU policy.</span> <span class="law">§5 TMG</span> prescribes <strong>imprint obligations for websites</strong>, including non-commercial websites with small commercial elements such as advertising banners.</details></td>
<td class="lred"><details><summary><strong>Passwords no, biometrics yes</strong></summary>Courts have generally held that passwords are protected from compelled disclosure (right against self-incrimination), while <strong>biometric unlocks can be compelled</strong> as physical evidence. A 2025 OLG Bremen ruling (Ref. 1 ORs 26/24) confirmed forced fingerprint unlocking is legal; police may also collect fingerprints for later use to unlock a device (LG Ravensburg AZ 2 Qs 9/23).</details></td>
<td class="lred"><details><summary><strong>Partially banned</strong></summary><span class="law">Art. 79 of the EU's Anti-Money Laundering Regulation</span> states that, starting in 2027, <strong>financial service providers</strong> such as banks and crypto exchanges are <strong>not allowed to handle privacy-preserving cryptocurrencies</strong> such as Monero. However, it will remain legal to hold, send, and receive Monero in self-custodial wallets, and to accept Monero payments (e.g. VPN providers).</details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary>Despite several attempts, mandatory data retention (Vorratsdatenspeicherung) has been declared unconstitutional. There is currently no mandatory data retention in Germany. <span class="blue">An EU Council paper from 12/2025 (<a href="https://reclaimthenet.org/eu-revives-plan-for-year-long-data-retention" target="_blank">WK 16133/2025 INIT</a>) proposed mandatory 1-year metadata retention (IP addresses and phone locations) applying to telecom operators, cloud platforms, domain hosts, payment processors, and even E2EE messengers such as WhatsApp and Signal.</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="yellow"><details><summary><strong>Cross-platform</strong>, with open source app</summary>Some tasks requiring strong authentication require the <em>AusweisApp</em>, either on an Android/iOS smartphone with NFC support or on a desktop computer with a compatible USB smartcard reader. <strong>Linux is explicitly supported</strong> as a desktop OS. The <strong>AusweisApp is open source</strong>, has been ported to FreeBSD, and is available on F-Droid. While the smartcard reader requires an upfront purchase, everything can be done without a smartphone or proprietary OS. <span class="blue">The upcoming <strong>EU Digital Wallet</strong> is still in development, but it seems that it will only be available as an app for iOS and stock Android (requiring Play Integrity and the Play Store), making an Apple or Google account mandatory.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> No general fair use; only narrow, enumerated exceptions for uses such as quotation, research, criticism, and certain educational and private uses. The list is exhaustive and exceptions are strictly interpreted.</details></td>
</tr>


<tr>
<td><span class="country">France</span> <span class="flag">&#127466;&#127482;&nbsp;&#127467;&#127479;</span><br /><span class="update">Last updated: 2026.01.16</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary>Mostly relating to vaguely defined <strong>'hate speech'</strong> (<span class="law">Gayssot Act 1990</span> &amp; <span class="law">Law of 30 Dec 2004</span>), <strong>Holocaust denial</strong>, and <strong>positive representation of drugs</strong> or incitement to their consumption (<span class="law">Penal Code §222-234 to §222-239</span>).</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary>ISPs as well as third-party DNS and VPN providers have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. The Pirate Bay), <strong>Russian government propaganda</strong> (e.g. RT), and <strong>far-right politics</strong>. The EU's <span class="law">Digital Services Act (DSA)</span> creates obligations for 'content moderation' against not just illegal content but also <strong>legal but 'harmful' content</strong> such as 'disinformation' or 'negative effects on civic discourse or elections', and also requires age verification from many websites. There is strong <strong>government pressure on social media companies</strong> to censor: Rumble was forced to block French IPs (until an opposing court ruling in Oct 2025), Telegram's CEO Pavel Durov was arrested in 2024 with prosecutors alleging insufficient censorship, and a French prosecutor classified X as an 'organised crime group' in 2025. In 12/2025, the EU Commission fined X &euro;120m for 'transparency failures' under the DSA, widely <a href="https://reclaimthenet.org/eu-fines-elon-musks-x-140-million-amid-free-speech-clash" target="_blank">interpreted</a> as punishment for not censoring enough.</details></td>
<td class="yellow"><details><summary><strong>Potential backdoors, and proposed</strong></summary><span class="law">eIDAS Art. 45</span>, an EU regulation, can act as a potential backdoor by <strong>obliging browsers to trust government-designated certificate authorities</strong>, technically allowing lawful man-in-the-middle interception of HTTPS traffic. So far, no major browser has implemented Art. 45 QWAC support as envisioned, and open-source and non-EU browsers can largely ignore it.<br /><span class="blue">Various EU proposals aim to ban E2EE or mandate backdoors/client-side scanning, including the <span class="law">ProtectEU strategy</span> (at initial policy stage; no legislation passed, but raising alarm among privacy advocates) and the <span class="law">HLG Recommendations on 'Access to Data for Effective Law Enforcement'</span> (non-binding but informing future legislation). <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><span class="law"><strong>"Chat Control 2.0"</strong></span></a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">was approved by the EU Council on 2025.11.26</a>. The final version made <strong>client-side scanning</strong> 'voluntary', but companies are encouraged to scan private messages for legal certainty, a Commission review in 3 years could make it mandatory for some providers, and national authorities may force 'high-risk' services (including all E2E-encrypted services) to adopt client-side scanning. The EU Parliament still needs to approve it, with a vote expected in H1 2026.</span></details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary>In May 2025, a Paris court ordered several VPN providers to block access to hundreds of domains, classifying them as 'technical intermediaries' obliged to monitor and restrict user access to banned content.</details></td>
<td class="red"><details><summary><strong>Age verification &amp; imprint obligation</strong></summary> The EU's <span class="law">Digital Services Act (DSA)</span> will require mandatory <strong>age verification for websites and apps</strong> containing 'potentially harmful' content, with France trialling implementation. Since 2025 (<span class="law">SREN Law</span>), France requires <strong>age verification for accessing pornographic websites</strong>, likely to expand to other content deemed inappropriate for children. <span class="blue">A <a href="https://reclaimthenet.org/france-social-media-ban-under-15-digital-id-age-verification" target="_blank">proposed law</a> would ban under-15s from social media from 09/26, <strong>requiring identity checks for all social media users</strong>. <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><span class="law">"Chat Control 2.0"</span></a>, <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">approved by the EU Council on 2025.11.27</a> but not yet voted on by the EU Parliament, would also require <strong>age or ID verification for creating an email or messenger account</strong>. The <a href="https://reclaimthenet.org/eu-parliament-votes-for-mandatory-digital-id-and-age-verification-threatening-online-privacy" target="_blank">EU Parliament on 2025.11.27 approved <span class="law">Report A10-0213/2025</span>, proposing mandatory recurring age verification</a> (every 3 months) for social media, video platforms and AI chatbots - a non-binding resolution but expected to significantly influence national and EU policy.</span> The <span class="law">Loi pour la confiance dans l'économie numérique</span> prescribes <strong>imprint obligations for websites</strong>, including non-commercial websites with a small commercial element such as advertising banners.</details></td>
<td class="red"><details><summary><strong>Yes</strong></summary>Article 30 of the <span class="law">Law No. 2001-1062</span> (15 Nov 2001) allows a judge or prosecutor to compel any qualified person to <strong>decrypt or surrender encryption keys</strong>. Failure to comply carries up to 3 years' imprisonment and a &euro;45,000 fine; if compliance would have prevented a crime, the penalty increases to 5 years and &euro;75,000.</details></td>
<td class="lred"><details><summary><strong>Partially banned</strong></summary><span class="law">Art. 79 of the EU's Anti-Money Laundering Regulation</span> states that, starting in 2027, <strong>financial service providers</strong> such as banks and crypto exchanges are <strong>not allowed to handle privacy-preserving cryptocurrencies</strong> such as Monero. However, it will remain legal to hold, send, and receive Monero in self-custodial wallets, and to accept Monero payments (e.g. VPN providers).</details></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary>Mandatory retention of ISP metadata (IPs, connection logs, browsing history), email and telephony metadata (including mobile phone locations) for 1 year. <span class="blue">An EU Council paper from 12/2025 (<a href="https://reclaimthenet.org/eu-revives-plan-for-year-long-data-retention" target="_blank">WK 16133/2025 INIT</a>) proposed mandatory 1-year metadata retention applying to telecom operators, cloud platforms, domain hosts, payment processors, and even E2EE messengers such as WhatsApp and Signal.</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="red"><details><summary><strong>Limited support</strong>, iOS/Android/AOSP required</summary>For certain government tasks requiring strong authentication (e.g. tax filings, e-signatures), a certified <strong>FranceConnect+ app for Android/iOS</strong> is required, such as France Identité or L'Identité Numérique La Poste. These apps appear to work on non-stock Android systems such as LineageOS or GrapheneOS, but require Play Services / microG and are only available on the Play Store (requiring a Google account; Aurora Store can work as an unsupported workaround). <span class="blue">The upcoming <strong>EU Digital Wallet</strong> is still in development, but it seems that it will only be available as an app for iOS and stock Android (requiring Play Integrity and the Play Store), making an Apple or Google account mandatory.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Uses are only allowed if they fit an exhaustive list of exceptions (quotation, press review, private copy, educational use). No general fair use doctrine; exceptions are narrowly interpreted.</details></td>
</tr>


<tr>
<td><span class="country">Italy</span> <span class="flag">&#127466;&#127482;&nbsp;&#127470;&#127481;</span><br /><span class="update">Last updated: 2026.03.04</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary>Illegal speech includes vaguely defined <strong>'hate speech'</strong> (<span class="law">Penal Code §604</span>), <strong>Holocaust denial</strong> (<span class="law">Law 16 June 2016 n. 115</span>), <strong>insulting religions</strong> (<span class="law">Penal Code §403</span>), speech <strong>offensive to public morality</strong> (<span class="law">§21</span>, though enforcement is rare in practice), and <strong>insulting the President</strong> (<span class="law">§278</span>).</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary>ISPs, third-party DNS, and VPN providers have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay), <strong>Russian government propaganda</strong> (e.g. RT), and <strong>adult content</strong>. The <strong>'Piracy Shield'</strong> framework targets piracy and sports streaming sites but has also affected innocent websites such as Google Drive. Italy <strong><a href="https://reclaimthenet.org/the-censors-strike-back-italys-crusade-against-the-open-internet" target="_blank">fined Cloudflare</a></strong> for not blocking piracy access via their DNS resolver 1.1.1.1 globally. <strong>archive.today/archive.is is DNS-blocked</strong> for copyright reasons. The EU's <span class="law">Digital Services Act (DSA)</span> creates obligations for 'content moderation' against not just illegal content but also <strong>legal but 'harmful' content</strong> such as 'disinformation' or 'negative effects on civic discourse or elections', and also requires age verification from many websites. In 12/2025, the EU Commission fined X &euro;120m for 'transparency failures' under the DSA, widely <a href="https://reclaimthenet.org/eu-fines-elon-musks-x-140-million-amid-free-speech-clash" target="_blank">interpreted</a> as punishment for not censoring enough.</details></td>
<td class="yellow"><details><summary><strong>Potential backdoors, and proposed</strong></summary><span class="law">eIDAS Art. 45</span>, an EU regulation, can act as a potential backdoor by <strong>obliging browsers to trust government-designated certificate authorities</strong>, technically allowing lawful man-in-the-middle interception of HTTPS traffic. So far, no major browser has implemented Art. 45 QWAC support as envisioned, and open-source and non-EU browsers can largely ignore it.<br /><span class="blue">Various EU proposals aim to ban E2EE or mandate backdoors/client-side scanning, including the <span class="law">ProtectEU strategy</span> (at initial policy stage; no legislation passed, but raising alarm among privacy advocates) and the <span class="law">HLG Recommendations on 'Access to Data for Effective Law Enforcement'</span> (non-binding but informing future legislation). <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><span class="law"><strong>"Chat Control 2.0"</strong></span></a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">was approved by the EU Council on 2025.11.26</a>. The final version made <strong>client-side scanning</strong> 'voluntary', but companies are encouraged to scan private messages for legal certainty, a Commission review in 3 years could make it mandatory for some providers, and national authorities may force 'high-risk' services (including all E2E-encrypted services) to adopt client-side scanning. The EU Parliament still needs to approve it, with a vote expected in H1 2026.</span></details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> Websites are not allowed to point towards VPNs as a means to avoid age verification.</details></td>
<td class="red"><details><summary><strong>Age verification</strong></summary>The EU's <span class="law">Digital Services Act (DSA)</span> will require mandatory <strong>age verification for websites and apps</strong> containing 'potentially harmful' content, with Italy trialling implementation. Since 11/2025 (<span class="law">Caivano Decree</span>), Italy requires <strong>age verification for accessing pornographic websites</strong>, likely to expand to other content deemed inappropriate for children. <span class="blue"><a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><span class="law">"Chat Control 2.0"</span></a>, <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">approved by the EU Council on 2025.11.27</a> but not yet voted on by the EU Parliament, would also require <strong>age or ID verification for creating an email or messenger account</strong>. The <a href="https://reclaimthenet.org/eu-parliament-votes-for-mandatory-digital-id-and-age-verification-threatening-online-privacy" target="_blank">EU Parliament on 2025.11.27 approved <span class="law">Report A10-0213/2025</span>, proposing mandatory recurring age verification</a> (every 3 months) for social media, video platforms and AI chatbots - a non-binding resolution but expected to significantly influence national and EU policy.</span></details></td>
<td class="green"><strong>None</strong></td>
<td class="lred"><details><summary><strong>Partially banned</strong></summary><span class="law">Art. 79 of the EU's Anti-Money Laundering Regulation</span> states that, starting in 2027, <strong>financial service providers</strong> such as banks and crypto exchanges are <strong>not allowed to handle privacy-preserving cryptocurrencies</strong> such as Monero. However, it will remain legal to hold, send, and receive Monero in self-custodial wallets, and to accept Monero payments (e.g. VPN providers).</details></td>
<td class="red"><details><summary><strong>Yes (72 months)</strong></summary>Mandatory retention of ISP metadata (IPs, connection logs, browsing history) and telephony metadata (including mobile phone locations) for 6 years. ISP metadata older than 1 year and telephony metadata older than 2 years can only be accessed for terrorism investigations. <span class="blue">An EU Council paper from 12/2025 (<a href="https://reclaimthenet.org/eu-revives-plan-for-year-long-data-retention" target="_blank">WK 16133/2025 INIT</a>) proposed mandatory 1-year metadata retention applying to telecom operators, cloud platforms, domain hosts, payment processors, and even E2EE messengers such as WhatsApp and Signal.</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="yellow"><details><summary><strong>Cross-platform</strong>, with open source app</summary>Some tasks requiring strong authentication require either the <strong>CieID app</strong> for Android/iOS or a desktop PC with a compatible USB smartcard reader. <strong>Linux is explicitly supported</strong> as a desktop OS. While the smartcard reader requires an upfront purchase, everything can be done without a smartphone or proprietary OS. The Android app requires Play Services / microG. Other, less essential, government apps for Android, such as IO or PosteID, require  Play Integrity and the Play Store (making a Google account and unmodified stock OS mandatory). <span class="blue">The upcoming <strong>EU Digital Wallet</strong> is still in development, but it seems that it will only be available as an app for iOS and stock Android (requiring Play Integrity and the Play Store), making an Apple or Google account mandatory.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> No fair use; only limited statutory exceptions for private copying, education, and criticism, provided specific requirements are met.</details></td>
</tr>


<tr>
<td><span class="country">Switzerland</span> <span class="flag">&#127464;&#127469;</span><br /><span class="update">Last updated: 2025.12.23</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary><span class="law">Penal Code §261bis</span> prohibits vaguely defined <strong>'hate speech'</strong> (incitement, discrimination, racism, sexism, religious discrimination), <strong>anti-LGBT speech</strong> <sup>(<a href="https://reclaimthenet.org/swiss-man-chooses-jail-over-fine-for-lgbt-speech-case" target="_blank">ex.</a>)</sup>, and <span class="tooltip"><strong>Holocaust denial or justification</strong><span class="tooltiptext">The wording of the law applies to all genocides, but in practice this is not the case: In 2015, the ECHR ruled in the case of Perinçek v. Switzerland that criminalizing the denial of the Armenian Genocide was an unnecessary restriction on freedom of expression. The ECHR made a distinction between the two, stating that Holocaust denial is "invariably seen as connoting an antidemocratic ideology and antisemitism", whereas the denial of the Armenian Genocide was deemed to be a matter of historical debate rather than a direct incitement to hatred.</span></span>.</details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary>Courts have ordered ISPs to <strong>block specific websites</strong>. A notable example is a 2007 case in the canton of Vaud, where a magistrate ordered Swiss ISPs to block three US-hosted websites for defamation of the Swiss judiciary.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary><span class="blue">A <a href="https://tuta.com/blog/switzerland-surveillance-plan" target="_blank">proposed (2025) update to the <span class="law">VÜPF/OSCPT</span> surveillance law</a> would require VPN providers with &gt;5,000 users to identify their users. In 12/25, it was announced that the law proposal will be revised following backlash, but no details yet on what will change.</span></details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary><span class="blue">A <a href="https://tuta.com/blog/switzerland-surveillance-plan" target="_blank">proposed (2025) update to the <span class="law">VÜPF/OSCPT</span> surveillance law</a> would require providers of email hosting, instant messaging, and social media with &gt;5,000 users to identify their users. In 12/25, it was announced that the law proposal will be revised following backlash, but no details yet on what will change.</span></details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Yes (6 months)</strong></summary>The <span class="law">SPTA</span> and <span class="law">OSCPT</span> require retention of ISP metadata (IPs, connection logs, browsing history) and telephony metadata (including mobile phone locations) for 6 months. <span class="blue">A <a href="https://tuta.com/blog/switzerland-surveillance-plan" target="_blank">proposed (2025) update to the <span class="law">VÜPF/OSCPT</span> surveillance law</a> would extend this requirement to email, instant messaging, and VPN providers with &gt;5,000 users. In 12/25, it was announced that the law proposal will be revised following backlash, but no details yet on what will change.</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, <span class="lred">but will be smartphone-only</span></summary>SwissID functions <strong>fully via browser</strong> for login and e-government services, with OTP or passkeys created on a desktop PC. The mobile app is not required. <span class="lred">A new <strong>digital ID app called Swiyu</strong>, resulting from a 2025 vote, will only <strong>run on Android and iOS</strong>. A desktop app is not planned. However, the Android app will not require Play Integrity and will be available outside of the Play Store, so it will work on open-source Android distributions and without a Google account.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Permits limited exceptions for private use, quotation, education, and information reporting, but otherwise copyright is strictly enforced.</details></td>
</tr>


<tr>
<td><span class="country">Norway</span> <span class="flag">&#127475;&#127476;</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary><span class="law">Penal Code §185</span> prohibits <strong>'discriminatory and hateful speech'</strong>, including the use of symbols. Maximum punishment of 3 years' imprisonment.</details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary>Courts have ordered ISPs to <strong>block specific websites</strong>, such as The Pirate Bay. <span class="blue">The EU's <span class="law">Digital Services Act (DSA)</span> creates obligations for 'content moderation' against not just illegal content but also legal but 'harmful' content such as 'disinformation', and also requires age verification from many websites. Even though Norway is not an EU member, as an EEA member it is already in the process of implementing the DSA, expected to become law in mid-2026, which will lead to the same indirect censorship as in the EU.</span></details></td>
<td class="green"><details><summary><strong>No bans</strong></summary>No current bans or mandatory backdoors. <span class="blue">As an EEA member, Norway may in the future have to adopt anti-encryption EU proposals like Chat Control 2.0 or eiDAS Art. 45.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary><span class="blue">A proposal for a 15-year age limit for <strong>social media with effective age verification</strong> (ID or biometrics) was put forward in 2024. As of January 2026, the law has not yet been formally enacted but the government has signaled strong intent. The EU's <span class="law">Digital Services Act (DSA)</span> will also require mandatory age verification to access 'potentially harmful' content; Norway is in the process of implementing the DSA, expected to become law in mid-2026.</span></details></td>
<td class="red"><details><summary><strong>Yes</strong></summary>The <span class="law">Norwegian Criminal Procedure Act</span> allows police to require individuals to assist in an investigation, including <strong>decryption of encrypted devices</strong> (via password or biometrics). Refusal may result in contempt of court or an obstruction of justice charge.</details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Norwegian users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="lred"><details><summary><strong>IPs only (12 months)</strong></summary> Mandatory retention of IP allocation history for ISPs for 1 year, but no ISP connection logs or telephony metadata such as call logs and location history.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + token</summary>For e-government tasks requiring the highest security level, identification is done via <strong>BankID, Buypass ID, or Commfides</strong>. These can be used via a mobile app (Android or iOS) or, alternatively, with a USB token, smart card with card reader, or a code generator issued by a bank, depending on the chosen ID method.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Follows European approach: no fair use, only specific exceptions for quotation, education, private use, parody, etc. Uses outside these lists aren’t permitted.</details></td>
</tr>


<tr>
<td><span class="country">Iceland</span> <span class="flag">&#127470;&#127480;</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary><span class="law">Penal Code §233</span> prohibits vaguely defined <strong>'hate speech'</strong> (anyone who publicly mocks, defames, denigrates, or threatens a person or group based on nationality, colour, race, religion, sexual orientation, or gender identity shall be fined or imprisoned for up to 2 years). Insults are also technically illegal per <span class="tooltip"><span class="law">§234</span>, but the law is not applied in practice.<span class="tooltiptext">Insults are technically illegal in Iceland, Penal Code §234 under the section on Crimes against the Sanctity of Private Life. Punishable by fines or imprisonment up to one year. In practice however, the Icelandic Constitution makes that particular law toothless, due to the free expression clause. Speech crimes in general are very difficult to convict in Iceland because the courts have to prove that restricting the speech is "necessary and in accordance with democratic traditions". The state cannot initiate a prosecution, a private individual has to report it first. In total, about 30 people have been found guilty of insults in Iceland in as many years. In every case the punishment is simply to have your insult officially declared "dead and worthless". No jail time or fines have been issued.</span></span></details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary>Courts have ordered ISPs to <strong>block specific websites</strong>, such as The Pirate Bay. <span style="background-color: white;">The EU's <span class="law">Digital Services Act (DSA)</span>, which would lead to indirect censorship, has not yet been incorporated into the EEA Agreement and Iceland's implementation has not started. However, Icelandic law may have to align with the EU's censorship framework in the future.</span></details></td>
<td class="green"><details><summary><strong>No bans</strong></summary>No current bans or mandatory backdoors. <span class="blue">As an EEA member, Iceland may in the future have to adopt anti-encryption EU proposals like Chat Control 2.0 or eiDAS Art. 45.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="green"><details><summary><strong>No</strong></summary>The EU's <span class="law">Digital Services Act</span>, which would lead to mandatory age verification to access 'potentially harmful' content, has not yet been incorporated into the EEA Agreement. Iceland's implementation process has not started, with no legislative progress or established timelines. However, Icelandic law might have to align with the EU's age verification framework in the future.</details></td>
<td class="green"><strong>None</strong></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Icelandic users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No</strong></td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary>Most people use the <strong>Auðkenni mobile app</strong> for authentication, but the <strong>SIM-based electronic ID (MobileID)</strong> serves as an alternative and works on dumbphones as well. Note that SIM e-ID requires an Icelandic phone number, which can be inconvenient and costly for people living abroad. eSIMs will not work, as authentication is SIM-based rather than SMS OTP.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Follows European approach: no fair use, only specific exceptions for quotation, education, private copying, etc. Uses outside these lists aren’t permitted.</details></td>
</tr>


<tr>
<td><span class="country">Russia</span> <span class="flag">&#127479;&#127482;</span><br /><span class="update">Last updated: 2026.03.04</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Illegal speech includes vaguely defined <strong>'hate speech'</strong>, <strong>'extremist' political positions</strong>, <strong>'humiliation of human dignity'</strong>, disseminating <strong>'unreliable' information and 'disinformation'</strong>, <strong>discrediting the Russian Army</strong> (including criticism of the invasion of Ukraine or Soviet actions in WW2), <strong>Holocaust denial</strong> and <strong>'rehabilitating' National Socialism</strong>. Key laws: <span class="law">Penal Code §280, §282, and §354</span> (not exhaustive).</details></td>
<td class="dred"><details><summary><strong>Pervasive censorship</strong></summary><strong>Pervasive censorship and blocking</strong> (including deep packet inspection), especially since the 2022 invasion of Ukraine. <strong>Russians face fines for 'deliberately searching' online</strong> for 'extremist materials' (as of 09/2025, this includes more than 5,000 resources on an ever-growing <strong>Ministry of Justice blacklist</strong>, including a book by opposition leader Alexei Navalny and Ukrainian songs). <strong>Blocked websites and apps</strong> include YouTube, WhatsApp, Facebook, Instagram, Telegram, X/Twitter, Rumble, Archive.to, Signal, SimpleX, Discord, Snapchat, Roblox, and Facetime.</details></td>
<td class="dred"><details><summary><strong>Yes (banned <span style="white-space: nowrap;">w/o</span> backdoor)</strong></summary>The <span class="law">Yarovaya Law</span> requires <strong>encryption backdoors</strong>. Russia restricts E2EE services that do not provide authorities with decrypted data access, making <strong>E2EE services de facto banned</strong>. Most recently, <strong>TLS 1.3, ESNI, DNS over HTTPS (DoH), and DNS over TLS (DoT) have been banned</strong>.</details></td>
<td class="dred"><details><summary><strong>Mostly blocked, use is illegal</strong></summary><span class="law">Yarovaya Law</span> (2016): VPNs must <strong>identify their users</strong> and <strong>keep logs</strong>. VPN apps have been <strong>forced off app stores</strong>. <strong>Advertising VPNs is illegal</strong>, with fines even for individuals 'promoting' them. <strong>VPN connections are actively blocked</strong> using deep packet inspection. <strong>VPN users can be fined.</strong></details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">A proposed Russian law from 10/2025 plans to mandate the use of the state's biometric and e-government systems for mandatory <strong>age verification to access all adult or 'potentially harmful' online content</strong>; this measure broadly defines restricted content and would require users to authenticate their government identity each time, effectively <strong>eliminating online anonymity</strong>. </span></details></td>
<td class="yellow"><details><summary><strong>De jure no, de facto maybe</strong></summary> There is no specific, publicly documented Russian law. However, since 2019 all smartphones and computers sold in Russia must come with pre-installed Russian software, which most likely facilitates government access to these devices anyway. In practice, Russian authorities operate with significant leeway, and refusal to unlock a device or decrypt data can lead to serious consequences, even without an explicit legal mandate. Authorities may interpret refusal as suspicious behaviour, leading to prolonged detention or charges under vague laws like "obstructing law enforcement" or "extremism". While you may not be legally required to decrypt your data, the question is: do you feel lucky? A <a href="https://discuss.grapheneos.org/d/32300-how-russian-law-enforcement-handles-digital-evidence-during-investigations" target="_blank">training manual</a> for investigators approves of <strong>physical violence against suspects who refuse to unlock their device</strong>.</details></td>
<td class="red"><details><summary><strong>Banned commercially</strong></summary>Since 2022, it is <strong>prohibited to transfer or accept cryptocurrencies as payment for goods or services</strong>. It remains technically legal to own cryptocurrencies or use them in non-commercial contexts.</details></td>
<td class="red"><details><summary><strong>Yes (36 months)</strong></summary>The <span class="law">Yarovaya Law 2016</span> requires retention of ISP metadata (IPs, connection logs, browsing history), email and telephony metadata (including mobile phone locations) and even VPN logs for 3 years.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> <strong>Browser login to Gosuslugi</strong> works with password + OTP, and no Android/iOS app is required for authentication.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Uses must fall within a strictly defined list of statutory exceptions, such as quotation, news reporting, and personal use. No general fair use principle.</details></td>
</tr>


<tr>
<td><span class="country">Brazil</span> <span class="flag">&#127463;&#127479;</span><br /><span class="update">Last updated: 2026.03.04</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Illegal speech includes loosely defined <strong>'hate speech'</strong> (which includes racism, sexism, <a href="https://reclaimthenet.org/brazil-to-prosecute-gender-speech-offenses-and-track-online-dissent" target="_blank">transphobia</a> etc., and not just incitement but also slurs and jokes, which can result in prison sentences, e.g. 8 years for comedian Leo Lins) (<span class="law">Penal Code §20</span>), <strong>insulting or mocking a religion</strong> (<span class="law">§208</span>), <strong>justifying a crime</strong> (<span class="law">§287</span>), and <strong>insulting a public official</strong> (<span class="law">§331</span>).</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary>Courts have ordered ISPs to <strong>block specific websites</strong>, mainly for <strong>political censorship</strong>. Social media websites must swiftly remove posts containing 'hate speech', inciting violence, or promoting 'anti-democratic acts' as soon as flagged, without requiring a court order. Rumble was forced to block Brazilian users due to censorship demands; X/Twitter was blocked by Brazilian ISPs in 2024 (with fines threatened for VPN-using Brazilians) until X complied with censorship demands. WhatsApp and Telegram were previously banned for similar reasons.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="yellow"><details><summary><strong>Not currently, but bans possible</strong></summary>In 2024, VPN apps were banned from the Apple App Store and Play Store and people found using a VPN to access X could be prosecuted and fined. These restrictions have since been lifted. This ban was enacted by Supreme Court Justice Alexandre de Moraes rather than through legislation, meaning such a <strong>VPN ban can happen again at any time</strong>.</details></td>
<td class="red"><details><summary><strong>Age verification</strong></summary>The <span class="law">Law No. 15,211/2025</span> ("ECA Digital" or "Felca Law") requires mandatory <strong>age verification for all digital platforms (including websites, apps, app stores, operating systems)</strong> with regard to 'inappropriate' content (e.g. sexual content, harassment, violence, self-harm, gambling). Since 2026, Apple requires age verification to <strong>install age-restricted apps</strong> on iOS. Platforms must use reliable methods such as government-issued ID or biometric verification to verify the age; self-declaration of age is explicitly prohibited.</details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary>Mandatory retention of ISP metadata (IPs, connection logs, browsing history) and telephony metadata (call records, SMS metadata, location history) for 1 year.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="dred"><details><summary><strong>May need Google or Apple account &amp; device</strong></summary> Browser login to gov.br works with password + OTP, but for many sensitive tasks including digital signatures and tax filings a "Gold" status on gov.br is needed. This is usually attained through the <strong>gov.br Android/iOS app</strong>. An alternative is purchasing a digital certificate stored on a computer or smartcard, but these cost R$50–300/year, expire after 1–3 years, and require an in-person or video call identity validation appointment, making them very inconvenient compared to the smartphone app. The <strong>gov.br Android app uses Play Integrity and is only available from Google Play</strong>, requiring a Google account and unmodified Android (incompatible with GrapheneOS or LineageOS, which fail Play Integrity).</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Exceptions are limited to those expressly listed in statute (quotation, private copying for personal use, etc.), with interpretation strictly applied.</details></td>
</tr>


<tr>
<td><span class="country">India</span> <span class="flag">&#127470;&#127475;</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Illegal speech includes vaguely defined <strong>'hate speech'</strong> (<span class="law">Penal Code §153A</span>, <a href="https://reclaimthenet.org/karnataka-enacts-indias-first-hate-speech-law" target="_blank"><span class="law">Karnataka Hate Speech and Hate Crimes (Prevention) Bill 2025</span></a>), <strong>insulting religions</strong> (<span class="law">Penal Code §295A &amp; §298</span>), <strong>contempt or exciting disaffection against the government</strong> (<span class="law">Penal Code §124A</span>), <strong>damaging public order or friendly relations with foreign states</strong>, <strong>damaging 'decency or morality'</strong>, <strong>incitement to an offense</strong> (all <span class="law">Constitution §19(2)</span>), and <strong>activities that threaten the sovereignty or integrity of India</strong> (<span class="law">Unlawful Activities (Prevention) Act</span>).</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary><span class="law">§69A of the Information Technology Act 2000</span> allows the government to block public access to any information in the interest of sovereignty, integrity, national security, friendly relations with foreign states, or public order. The IT Ministry can make <strong>content-blocking orders to social media companies</strong> (e.g. X was ordered to block thousands of accounts in 2025) and ISPs are frequently ordered to <strong>block websites</strong> (e.g. a court ordered the blocking of Protonmail in 2025). In September 2025, Karnataka High Court held that X, as a foreign entity, cannot claim protection under India's constitutional guarantee of free speech, reinforcing the state's authority to compel online platforms to remove speech.</details></td>
<td class="red"><details><summary><strong>Yes (backdoor on demand)</strong></summary><span class="law">§69 of the Information Technology Act 2000</span> and <span class="law">Constitution Article 19(2)</span> have been interpreted by courts to empower the government to <strong>order decryption and interception of any message</strong>. In 2023, 14 apps offering E2EE messaging were banned, though the government has not provided a clear legal framework or blocking orders. WhatsApp and other companies have so far resisted backdoor demands.</details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary>VPN servers located in India must <strong>collect and retain user data</strong>, but there is no ban on VPN use otherwise.</details></td>
<td class="green"><strong>No</strong></td>
<td class="red"><details><summary><strong>Yes</strong></summary><span class="law">§69 of the Information Technology Act 2000</span> empowers the government to <strong>compel assistance in decrypting information</strong> from "any subscriber or intermediary or any person in charge of the computer resource". Failure to comply is punishable by up to 7 years' imprisonment and/or a fine.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary>Mandatory retention of ISP metadata (IPs, connection logs, browsing history) and telephony metadata (including mobile phone locations) for 1 year.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> <strong>Browser login to DigiLocker or Aadhaar</strong> works with password + SMS OTP, and no Android/iOS app is required for authentication. However, a mobile phone is required to receive SMS OTPs.</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Numerous prescribed purposes (research, criticism, review, news reporting, education, judicial proceedings) are allowed, but uses outside these are not: more flexible than in Europe but not as broad as US fair use.</details></td>
</tr>


<tr>
<td><span class="country">China (P.R.)</span> <span class="flag">&#127464;&#127475;</span><br /><span class="update">Last updated: 2026.03.11</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary>Illegal speech includes vaguely defined <strong>'hate speech'</strong> (inciting hatred or discrimination among nationalities or harming national unity), <strong>injuring the reputation of state organs</strong> (effectively capturing any criticism of the government), <strong>'harming national unification'</strong> (e.g. arguing for the independence of Taiwan, Hong Kong, Macao, Tibet, or Xinjiang), <strong>disinformation or 'distorting the truth'</strong>, <strong>'destroying the order of society'</strong>, and <strong>criticising socialism</strong>.</details></td>
<td class="dred"><details><summary><strong>Pervasive censorship</strong></summary> The <strong>Great Firewall of China blocks a large amount of websites and apps</strong>, including Google, Youtube, Whatsapp, Facebook, Instagram, X, Snapchat, Pinterest, Wikipedia, Dropbox, and Signal. Content on the Chinese Internet is highly regulated and subject to a strict censorship regime. The government employs various methods, such as IP blocking, keyword filtering, and deep packet inspection, to enforce these restrictions.</details></td>
<td class="dred"><details><summary><strong>Yes (banned <span style="white-space: nowrap;">w/o</span> backdoor)</strong></summary>China has no explicit law outright banning E2EE, but authorities have banned encrypted apps and expressed disapproval of encryption that limits data access. International E2EE apps such as WhatsApp and Signal are blocked. The <span class="law">Cryptography Law 2020</span> grants state agencies full access to cryptographic systems and decryption keys, effectively nullifying private encryption. <strong>E2EE services without government decryption access are essentially banned or heavily restricted.</strong></details></td>
<td class="dred"><details><summary><strong>Mostly blocked, use is illegal</strong></summary>VPNs must be government-approved and must <strong>identify users</strong> and <strong>keep logs</strong>. VPN apps have been <strong>forced off app stores</strong>. <strong>High fines and prison terms</strong> can be imposed on VPN users. <strong>VPN connections are actively blocked</strong> using deep packet inspection.</details></td>
<td class="dred"><details><summary><strong>Real-name system</strong></summary>China mandates <strong>online real-name registration</strong> whereby users must provide official ID credentials to access most Internet services. The 2025 national Internet ID system builds on this by introducing a government-issued digital credential that centralises authentication across platforms, <strong>linking government databases with online activity</strong>. <span class="blue">In 01/2026, the <span class="law">Cybercrime Prevention and Control Law</span> was proposed, which lays out punishments for individuals attempting to bypass the Internet real-name system, including the usage of fake IDs or shared accounts.</span></details></td>
<td class="yellow"><details><summary><strong>De jure no, de facto maybe</strong></summary> De jure there is no key disclosure requirement, however China gives law enforcement significant powers and prioritizes its ability to compel decryption and access to data even if this means compelled disclosure of passwords or encryption keys in practice. Refusal to unlock a device or decrypt data is likely to be met with significant pressure, including detention, interrogation, accusations of obstructing justice, or charges under laws like the Anti-Terrorism Law or National Security Law.</details></td>
<td class="dred"><details><summary><strong>Banned</strong></summary>The People's Bank of China issued a <strong>ban on all crypto activities, including trading, mining, and individual ownership</strong>, effective from June 2025. The Chinese government aims to centralise financial control through its state-backed digital yuan (<strong>CBDC</strong>) and eliminate decentralised crypto assets.</details></td>
<td class="red"><details><summary><strong>Yes (6 months)</strong></summary> Mandatory retention of ISP metadata (such as IPs, connection logs, or browsing history), email and telephony metadata (including mobile phone locations) and even VPN logs for 6 months.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="lred"><details><summary><strong>Cross-platform, but mobile OS only</strong></summary> For government tasks requiring strong authentication, a smartphone is effectively mandatory because the primary methods <strong>rely on smartphone apps</strong> such as NNIA, CTID, WeChat, AliPay with no straightforward alternatives for desktop PCs or dumbphones. While some government portals have web interfaces, strong authentication often requires scanning a QR code with a mobile app like WeChat or Alipay, or using facial recognition/biometrics tied to a phone. Despite all this, Android phones sold in China are "degoogled" and you <strong>don't need Play Store or a Google account</strong> to download the apps; it is likely to work on FOSS Android distributions such as GrapheneOS or LineageOS. HarmonyOS phones are also supported and, while proprietary, can be used without a Huawei account.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Very limited statutory exceptions; general fair use does not exist. Use usually only allowed for research, personal use, or narrow educational purposes.</details></td>
</tr>


<tr>
<td><span class="country">Japan</span> <span class="flag">&#127471;&#127477;</span><br /><span class="update">Last updated: 2025.12.02</span></td>
<td class="yellow"><details><summary><strong>Strict defamation laws</strong></summary> Nominally there are very few restrictions on speech, however defamation laws are very strict and <strong>insults</strong> and <strong>damaging someone's reputation</strong> can be prosecuted (Japanese defamation laws do not require the statement to be false; even true statements that harm someone's reputation can lead to legal consequences - unless disclosing the statement is in the public interest).</details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary> Court-ordered site blocks mainly targets <strong>piracy websites</strong>, especially those relating to manga and anime. However, this is usually applied to high-profile sites, not as a blanket censorship policy. A court ruling from 11/2025 <a href="https://reclaimthenet.org/cloudflare-liable-japan-manga-piracy-court-ruling" target="_blank">held CDN providers liable</a> for indirectly hosting copyrighted material, setting a dangerous precedent.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="green"><strong>No bans</strong></td>
<td class="green"><strong>No</strong></td>
<td class="green"><strong>None</strong></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Japanese users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">As of March 2025, <a href="https://btw.media/internet-governance/japan-considers-tougher-data-retention-rules/" target="_blank">Japan’s data protection laws are under review</a>. However, the legislative outcome is unclear.</span></details></td>
<td class="lred"><strong>Yes</strong>, except data-only SIMs</td>
<td class="lred"><details><summary><strong>Cross-platform, but proprietary OS only</strong></summary>Some tasks requiring strong authentication require either the mobile <strong>Mynaportal app for Android/iOS/Windows/macOS</strong>, or a compatible USB card reader for the desktop app. While the smartcard reader requires an upfront purchase, everything can be done without a smartphone. However, on Linux only browser access is offered, making some tasks such as digital signing impossible; a <strong>proprietary OS or smartphone</strong> is therefore required. The Mynaportal Android app appears to work on non-stock Android systems such as LineageOS or GrapheneOS, but it requires Play Services / microG and is only available on the Play Store (requiring a Google account; Aurora Store can work as an unsupported workaround).</details></td>
<td class="dred"><details><summary><strong>Very restrictive copyright law</strong></summary>Use allowed only for narrowly defined statutory exceptions such as quotation, certain educational use, and news reporting. No general fair use exception and generally <strong>very strict jurisprudence</strong>: people have been jailed for <a href="https://reclaimthenet.org/when-text-becomes-a-crime-how-transcribing-movies-led-to-jail-time-in-japan" target="_blank">transcribing a film to text</a>, <a href="https://www.ign.com/articles/japanese-police-arrest-36-year-old-man-on-suspicion-of-tampering-with-pokemon-violet-save-data" target="_blank">distributing modified game save data</a>, or using or creating software that can bypass DRM (Digital Restrictions Management).</details></td>
</tr>

</tbody>
</table>

<p id="statetrojan"><a href="#tableheader">*^</a> In many countries, law enforcement is explicitly permitted to install malware ("state trojan", "equipment interference") in order to remotely access a suspect's devices, circumventing the need to break encryption or force disclosure of passwords. This is legal in <em>at least</em> the USA, Australia, UK, Germany, France, Italy, Switzerland, Russia, and China; possibly most countries in practice. In most countries police is even allowed to secretly enter a suspect's home in order to physically install malware.</p>

<p>Colour guide:
<br /><span class="green">No, not restricted, as good as it gets</span>
<br /><span class="lgreen">No, not restricted for now but such laws are being planned at the moment</span>
<br /><span class="yellow">Restrictions only apply partially or indirectly; "No, but..."</span>
<br /><span class="lred">Yes, restrictions apply but are limited in scope; "Yes, but..."</span>
<br /><span class="red">Yes, restrictions apply</span>
<br /><span class="dred">Yes, restrictions apply and are very severe or wide in scope</span>
</p>


<h3>Want to add more countries?</h3>

<p>Of course I'd love to compare as many countries as possible, but it's a lot of work. Not only the initial research but especially keeping everything up to date and being aware of new developments and law proposals. Therefore, I do not currently plan to add any more countries myself. However, if you want to add another country, I'd be happy to include your contribution:</p>
<ul>
<li>Contribute via pull request on Github (ensure that the "Allow edits from maintainers" option is enabled when creating the pull request), or if you don't want to create a Github account or don't know HTML, then you can send me an email.</li>
<li>Required content: a "summary" (the part that's always visible) which should be very short (every row should have the same height); some details (the part that's collapsed and hidden by default) which should be as long as needed but as short as possible and should mention the names of laws where relevant; a suggested "colour" for the table cell</li>
<li>It should be "ready to publish", no more research needed from my side; please also give me some sources for fact-checking</li>
<li>The next countries to be added should be important countries (e.g. large population, big economy, regional power) <strong>or</strong> it can be a small country which is a "hidden champion" when it comes to digital freedom (like Iceland). Some relevant countries to include might be: <em>Argentina, Egypt, Indonesia, Iran, Mexico, Netherlands, New Zealand, Pakistan, Poland, Saudi-Arabia, South Africa, South Korea, Spain, Sweden, Taiwan, Thailand, Turkey, UAE</em></li>
<li>I would be very grateful if you could keep updating "your" country whenever the situation changes, to reduce the ongoing maintenance burden for me.</li>
</ul>

<h2>So, what's the conclusion?</h2>

<p>Despite the ever-present moaning about the US allegedly slipping into tyranny or the (merited) worries that every byte of data on American servers can be accessed by the NSA and CIA, <strong>the legal protections in the US are still strongest of all the countries I looked at and probably worldwide</strong>. There's always some ifs and buts, for example the age verification that's now mandatory in many US states (but not federally), but overall the US does quite well, with the biggest relative strength being free speech. Other countries with a high degree of freedom in the digital realm are <strong>Canada, Iceland, and Japan</strong>. Unsurprisingly, China is the least free. But it's also very disappointing to see how "red" many Western countries appear, especially when you consider all the further restrictions that are currently proposed or in preparation. Interestingly, censorship in Western countries happens indirectly, by forcing private companies to do the censoring and blocking (cf. NetzDG, OSA) so that the lawmakers can keep pretending that it's not <em>real</em> censorship.</p>

<h2>The Oppression Index</h2>
<p>It's hard to quantify the table above, but I have attempted it.</p>
<p><details><summary style="font-size: 120%;" >Methodology</summary>
Step 1: Assign the colours from the table to the following values:</p>
<ul>
  <li>green, light green (proposed) = 0</li>
  <li>yellow = 0.25</li>
  <li>light red = 0.75</li>
  <li>red = 1</li>
  <li>dark red = 1.25</li>
</ul>
<p>Step 2: Weigh the columns. This is also subjective but I went with these percentages:</p>
<ul>
  <li>20% - free speech</li>
  <li>15% each - censorship, encryption bans</li>
  <li>12.5% each - VPN bans, online ID/age verification</li>
  <li>7.5% each - key disclosure laws, Monero ban</li>
  <li>2.5% each - metadata retention, SIM card registration, digital ID/e-Gov apps, copyright law</li>
</ul>
<p>Step 3: Calculate the index as a sumproduct of the columns weight and colour values.<br />
Step 4: Normalise the index so that China has an oppression index of 1.</p></details>

<p>The result - excluding proposed laws - looks like this:</p>
<table class="index" style="width: fit-content;">
  <tr style="font-weight: bold;"><td>Country</td><td>Oppression Index</td></tr>
  <tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Mostly free (for now)</td></tr>
    <tr><td>USA</td><td>0.10</td></tr>
  <tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Decent (but at risk)</td></tr>
    <tr><td>USA - states with age verification laws</td><td>0.21</td></tr>
    <tr><td>Japan</td><td>0.22</td></tr>
    <tr><td>Canada</td><td>0.31</td></tr>
    <tr><td>Iceland</td><td>0.31</td></tr>
    <tr><td>Switzerland*</td><td>0.34</td></tr>
    <tr><td>Norway</td><td>0.42</td></tr>
  <tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Restricted (and getting worse)</td></tr>
    <tr><td>Brazil</td><td>0.58</td></tr>
    <tr><td>Italy</td><td>0.60</td></tr>	
    <tr><td>India</td><td>0.63</td></tr>	
    <tr><td>Germany</td><td>0.64</td></tr>
    <tr><td>France</td><td>0.68</td></tr>
  <tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Unfree (avoid if you can)</td></tr>	
    <tr><td>UK</td><td>0.77</td></tr>
    <tr><td>Australia</td><td>0.78</td></tr>    
    <tr><td>Russia</td><td>0.83</td></tr>
  <tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Totalitarian (the frog has been boiled)</td></tr>
    <tr><td>PR China</td><td>1.00</td></tr>
</table>
<p>*would increase to 0.36 with the planned smartphone-only digital ID</p>

<h2>Don't be afraid to be an old man yelling at clouds</h2>

<p>There is not much we can do as individuals, ultimately. Maybe those of us who are lucky enough to live in a democracy need to vote harder next time or sign another petition :^) Even when the noose gets tightened more and more, we should always try to opt out of government and corporate overreach wherever we still can. And make no mistake: even though Big Tech companies sometimes make a stand against the most malicious laws, that doesn't automatically make them the "good guys" either.<br /><br />

<em>
I will block all ads<br />
I will block all trackers<br />
I will reject all cookies<br />
I will not subscribe to your newsletter<br />
I will not download your app <br />
I will not sign up or sign in<br />
I will not enable DRM<br />
I will bypass your paywall<br />
I will not share my location<br />
I will not hand out my phone number<br />
I will not verify my identity or confirm my age<br />
I will not solve your captcha<br />
I will not turn off my VPN<br />
I will disable telemetry<br />
I will refuse remote attestation <sup><a href="pics/remote_attestation.jpeg" target="blank">Why?</a></sup><br />
I will only use free software<br />
I will not make a Google, Apple or Microsoft account <br />
I will encrypt everything<br />
I will pay in cash or Monero wherever possible<br />
I will strive to have as little of the fruits of my labour stolen through taxation as is legally possible <br />
And finally, I will exercise my God-given right to unrestricted free speech to speak boldly and truthfully against tyrannical governments and other authoritarian powers. <br />
Simple as.
</em>
</p>

<script>
    // JavaScript to handle checkbox change
    document.addEventListener('DOMContentLoaded', function() {
        const checkbox = document.getElementById('expandCheckbox');
        checkbox.checked = false; // Ensure the checkbox is unchecked on page load

        checkbox.addEventListener('change', function() {
            const detailsElements = document.querySelectorAll('table details');
            detailsElements.forEach(details => {
                details.open = this.checked; // Set open state based on checkbox
            });
        });
    });
</script>

<script src="bottom.js "></script>
</body>
</html>