forked from eylenburg/eylenburg.github.io
<!DOCTYPE html>
<html lang="en">
<head>
<title>Digital Freedom across the World</title>
<meta name="darkreader-lock">
<meta name="description" content="{REPLACE THIS}">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta charset="UTF-8">
<meta name="keywords" content="technology, operating systems, Linux distributions, Android ROMs, desktop environments, web browsers, instant messengers, cloud services, privacy, digital freedom, payments, cryptocurrencies, productivity software">
<meta name="author" content="Alphonse Eylenburg">
<link rel="stylesheet" href="style.css">
<style>
:root {
--legendwidth: 200px;
--columnwidth: 155px;
}
table {
width: calc(var(--legendwidth) + 11 * var(--columnwidth));
}
/* Make all details content smaller, except summary */
details {
font-size: smaller;
}
/* Restore the summary (and everything inside it) to normal size */
details > summary {
font-size: small; /* this is the size specified for table.comparison in style.css */
hyphens: none; /* looks better when countries are in rows rather than columns */
}
span.country {
font-size: 150%;
font-weight: bold;
}
span.update {
font-style: italic;
font-size: 80%;
}
span.flag {
font-size: 200%;
float: right;
margin-right: 10px;
}
</style>
</head>
<body>
<script src="top.js"></script>
<header>
<p><a href="index.html">← Sitemap</a></p>
</header>
<h1>Digital Freedom across the World - Country Comparison</h1>
<p>I'm aware that this is probably going to be the most controversial article on this site and I deliberately want it to be the most polemic one. Some misguided individuals may insist that encryption is bad because it's just used by criminals and nonces and if you have nothing to hide you have nothing to fear, that we can't protect children from harm unless VPNs are banned, that courts ordering websites to be blocked is okay because - for now - it's mostly just affecting pirate sites plundering from starving Hollywood execs, or that freedom of speech doesn't mean freedom from consequences and doubleplusungood ideas are threatening our democracy or something.<br /><br />
The aim of this piece is to see what restrictions and freedoms for the Internet and computing in general are in place across the world. Besides just being an interesting study, there's also real-world utility: Where can you host a website without disclosing your name and address? What country should you select for your VPN server? In which country will you not need to worry about the police kicking in your front door at 4 am because they didn't like a joke you made on social media?<br /><br />
What this is <em>not</em> is a general comparison of a country's freedom. I'm not looking at the freedom of press, at the election system, or at how libertarian a country is when it comes to guns, sex, or tax. This is purely a look at the digital realm.<br /><br />
I am comparing a carefully selected list of only a few countries; it would be great to compare all ~200 countries of the world but it is an impossible task. I have included the G7 countries (US, Canada, UK, Germany, France, Italy, Japan) and the BRIC countries (Brazil, Russia, India, China) and also Australia in order to honour them for being the first Western country to stop pretending they care about privacy or freedom. I also added Switzerland, Norway, and Iceland because they are European countries outside the EU and always come up in all those lists of what the best countries for privacy and VPNs are, as well as all those "most democratic and free countries" lists - so let's put them to the test.<br /><br />
Of course, there are many more countries in the world and many of them are lauded for their freedoms and protections from government overreach; for example, I've heard good things about the Netherlands, Norway, Estonia, and Panama. But it's impossible to diligently compare all countries and there is no clear indication that I'm really missing out on a hidden champion - brief research shows that they all have some restrictions in this or that category. A final thought: for now, you might be able to find lots of freedom in a poor country with low Internet penetration where the government has better things to do than policing the web or isn't able to comprehensively enforce its laws. Why not host your VPS in Papua New Guinea, Transnistria, or Somaliland?</p>
<details><summary><strong>Disclaimer regarding free speech</strong></summary>
<p>To avoid misunderstandings, I would like to clarify that while I personally do not endorse any form of e.g. hate speech or discrimination, I believe in the principle that most speech and opinions should be legal, including speech that may be considered offensive or bigoted. Such speech should be countered with more speech and with dialogue, rather than through government censorship or legal penalties. I believe that government punishment of certain speech is ultimately damaging to democratic discourse, as hate speech laws tend to be very vague and can therefore potentially be misused by authoritarian governments to suppress dissent and limit free expression.
<br /><br />
To give some more examples:</p>
<ul>
<li>I strongly disagree with discriminating or otherwise judging people based on their innate or immutable characteristics, such as ethnicity, sex, disability etc. However, I don't believe it should be the government's business to prosecute people for such speech, especially if the laws are worded very vaguely or if courts apply them unevenly and unpredictably. If even jokes or 'likes' on social media can potentially result in punishment, it means the only way to be safe from prosecution is to be quiet, and I believe that this will lead to self-censorship and fear of accidentally saying something that could be illegal, which ultimately harms democracy.</li>
<li>I don't think it's good to insult people's religious feelings, but I am opposed to the idea that religions should have privileged protections and that criticising religions should be something that can be <a href="https://en.wikipedia.org/wiki/E.S._v._Austria_(2018)" target="_blank">potentially illegal</a>.</li>
<li>I don't deny that the Holocaust happened, but I find it odd how some countries have specifically banned its denial, while at the same time it's often legal to deny other genocides. I think it can actually have the opposite effect, with people starting to wonder "why can't I say this? they must be hiding something!" In general, I disagree with laws that ban fringe theories on history - imagine if it was illegal to deny the moon landing or the Berlin wall or that something notable happened in 1989 on a big square in China's Northern Capital? These things are easy to prove and there is no need to jail people for saying things that can be easily countered with arguments.</li>
<li>I don't think insulting people is good, but I don't think it should be illegal, and I especially don't think that politicians or the head of state should be privileged in that regard; especially if it's not clearly defined what actually constitutes an insult<!-- and when even <a href="https://weltwoche.ch/daily/deutsche-staatsanwaltschaft-jagt-blogger-der-vorwurf-er-habe-ricarda-lang-chefin-der-deutschen-gruenen-als-dick-bezeichnet-nun-wurde-ihm-auch-das-bankkonto-gesperrt/" target="_blank">calling a politician "fat"</a> can potentially get you in trouble-->. Likewise, I think misgendering people on purpose is mean and offensive, but I don't believe that it is something the government should get involved in (e.g. German Selbstbestimmungsgesetz providing for a penalty of up to €10,000).</li>
</ul>
<p>In summary, I believe that speech is either entirely free or not at all; once exceptions are introduced, even with good intentions, free speech ceases to exist. I also believe that free speech is a good thing and that a democratic and open society cannot exist without it, even if it sometimes leads to discomfort or offense.</p>
</details>
<h2 class="center">Digital Freedom across the World - Country Comparison</h2>
<p class="center">Source: eylenburg.github.io</p>
<p class="center" style="color: red; font-size: small;">Last updated: 22 January 2026</p>
<p style="font-size: 75%; font-style: italic;"> This table is best viewed on a monitor with 1920px width (Full HD) with 100% display scaling.</p>
<div>
<label style="font-size: 130%;"><input type="checkbox" id="expandCheckbox">Expand detail for all</label>
</div>
<p>Click on the "▶" symbol to read more</p>
<table class="comparison">
<colgroup>
<col style="text-align: left; white-space: nowrap; padding-right: 5px; width: var(--legendwidth);"> <!-- legend -->
<col style="border-left: double; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
<col style="border-left: 1px solid lightgrey; width: var(--columnwidth);">
</colgroup>
<thead>
<tr style="height: 1px; display: none;">
<td style="width: var(--legendwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
<td style="width: var(--columnwidth);"></td>
</tr>
<tr>
<th id="tableheader"></th>
<th><strong>Legal restrictions of free speech online</strong><br />
<details><summary><span style="font-weight: normal;" class="smaller">Explanation</span></summary><br /><span style="font-weight: normal;">Not counting as "speech" in this context are: pornography, copyright infringement, defamation, fraud, and inciting imminent targeted violence.<br /><br />Vague laws without clear definitions of which expressions and opinions are illegal automatically result in "red".</span></details>
</th>
<th><strong>Internet censorship</strong><br /><span class="smaller">(direct or indirect)</span><br />
<details><summary><span style="font-weight: normal;" class="smaller">Explanation</span></summary><br /><span style="font-weight: normal;">Direct censorship would be for example the government ordering ISPs to block certain websites, while indirect censorship can include pressuring third parties to censor without a court order, e.g. government fining social media companies which don't remove enough "harmful" material.</span></details>
</th>
<th><strong>Encryption bans<a href="#statetrojan">*</a></strong><br /><span class="smaller">(incl. government backdoors or client-side scanning)</span></th>
<th><strong>Ban of anonymous VPNs, Tor, or I2P</strong></th>
<th><strong>Mandatory Online ID</strong><br /><span class="smaller">(incl. age verification or imprint obligations)</span></th>
<th><strong>Key disclosure laws<a href="#statetrojan">*</a></strong><br /><span class="smaller">(obligation to decrypt data or disclose passwords)</span></th>
<th><strong>Ban of anonymous digital payments</strong><br /><span class="smaller">(e.g. Monero)</span></th>
<th><strong>Mandatory non-targeted metadata retention</strong><br /><span class="smaller">(for Internet & telecom data)</span></th>
<th><strong>Mandatory registration for SIM cards</strong></th>
<th><strong>No platform-agnostic Digital ID or e-Gov auth</strong><br /> <details><summary><span style="font-weight: normal;" class="smaller">Explanation</span></summary><br /><span style="font-weight: normal;">Ideally, these digital services - including all digitally available high-trust actions - should be compatible with all computing platforms and not require anyone to use a specific operating system or device. Specifically, it should (a) not be smartphone-dependent, (b) not require a proprietary operating system, and (c) not require a Google, Apple, or Microsoft account.</span></details>
</th>
<th><strong>No "fair use" of copyrighted material</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><span class="country">U.S.</span> <span class="flag">🇺🇸</span><br /><span class="update">Last updated: 2026.01.22</span></td>
<td class="lgreen"><details><summary><strong>Very few, but proposed</strong></summary><span class="tooltip">As good as it gets (see tooltip) <span class="tooltiptext">In the United States, certain categories of speech are not protected by the First Amendment and can be considered illegal. These include obscenity, which must meet the Miller test by appealing to prurient interests, depicting sexual conduct in a patently offensive way, and lacking serious literary, artistic, political, or scientific value. Speech that constitutes fraud, child pornography, or is integral to illegal conduct is also unprotected. Additionally, speech that incites imminent lawless action, as established by the Brandenburg test, is not protected, meaning advocacy for violence or illegal acts is only punishable if it is directed at producing imminent lawless action and is likely to do so.<br /><br />Other unprotected categories include true threats, which involve serious expressions of intent to commit unlawful violence against a person or group, and "fighting words" that are likely to provoke an immediate violent response from an average person.<br /><br />False statements of fact made with actual malice or negligence can lead to liability in defamation cases, especially when they harm a person's reputation. Lying under oath (perjury) or making false statements to federal investigators is also criminal and unprotected. Commercial speech, such as advertising, receives diminished protection, and false or misleading advertising can be punished.<br /><br />Hate speech, while often offensive, is generally protected under the First Amendment unless it falls into one of the unprotected categories like true threats or incitement to violence. The government may regulate speech in specific contexts, such as broadcasting indecent language on public airwaves, which the FCC can fine under certain conditions. 
Intellectual property violations, such as copyright infringement or counterfeiting currency, also constitute illegal speech under relevant laws.</span></span><br />
<span class="blue">The STOP HATE Act (proposed 2025) would ban 'hate speech', antisemitism, and 'disinformation'</span></details></td>
<td class="yellow"><details><summary><strong>Indirect & proposed</strong> </summary><span class="blue">The <strong><a href="https://reclaimthenet.org/the-algorithm-accountability-acts-threat-to-free-speech" target="_blank">Algorithm Accountability Act</a></strong> (proposed), like California's scrapped Senate Bill 771, aims to hold social media platforms liable for the content their algorithms distribute, which would lead to indirect censorship as companies may excessively moderate or censor content to avoid hefty penalties for alleged civil rights violations, effectively prioritizing algorithmic compliance over free expression. Similarly, the <strong><a href="https://reclaimthenet.org/bipartisan-bill-seeks-to-repeal-section-230-endangering-online-free-speech" target="_blank">Sunset Section 230 Act</a></strong> (proposed) would force online platforms to be responsible for what their users comment and post, which would force platforms to become more restrictive in order to protect themselves from lawsuits. The <strong>Block BEARD Act</strong> (proposed 2025) would force ISPs to block piracy websites.</span><br />Indirect censorship is possible already:<br />- The government has <strong>pressured social media platforms</strong> to remove content under the pretext of fighting misinformation and hate speech.<br />- High-profile cases such as WikiLeaks, SamouraiWallet and The Pirate Bay involve <strong>domain seizures</strong> framed as law enforcement actions against crime, which are considered legal despite First Amendment concerns.<br />- <strong>TAKE IT DOWN Act</strong>: Aimed at combating non-consensual sharing of intimate images, this act could enable censorship by allowing platforms to remove content based solely on complaints, without proof of harm or an appeals process.<br />- <strong>PAFACA</strong>: Commonly known as the "TikTok ban", targeting apps or websites owned by foreign entities. 
Proponents argue it is not censorship because a new (American) owner of TikTok would still be allowed to circulate the same content.<br />- <strong>Stop Hiding Hate Act (New York)</strong>: Forces social media platforms to report 'hate speech' incidents; while no fines for retaining legal content are imposed, it may coerce platforms into more aggressive moderation practices.</details></td>
<td class="green"><details><summary><strong>No bans</strong></summary> Though such laws are regularly proposed, they have so far all failed, e.g. the EARN IT Act, Lawful Access to Encrypted Data Act, and Florida's “Social Media Use by Minors” bill (HB 744/SB 868)</details></td>
<td class="green" style="background: repeating-linear-gradient(135deg, #E7F2DD, #E7F2DD 10px, #CEE6BB 10px, #CEE6BB 20px);"><details><summary><strong>No, but proposed VPN bans in some states</strong></summary> <span style="background-color: aliceblue; display: block; width: 100%;">Some US states have <a href="https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing" target="_blank">proposed VPN bans or restrictions</a>, but no laws have passed yet.</span></details></td>
<td class="lred" style="background: repeating-linear-gradient(135deg, #EBC1AD, #EBC1AD 10px, #E7F2DD 10px, #E7F2DD 20px);"><details><summary><strong>Age verification in some states</strong></summary> <span style="background-color: #F5E0D6; display: block; width: 100%;"><strong>Age verification laws for the web are in place in several US states</strong>, but not on a federal level. <span class="blue">The <strong>Kids Online Safety Act</strong> (proposed 2025) and <strong>SCREEN Act</strong> (proposed 2025) aim to implement restrictions on a federal level. The proposed <strong>Kids Off Social Media Act</strong> would bar under‑13s from having social media accounts, which would require adults to verify their age.</span> <strong>California's Digital Age Assurance Act</strong> forces OSes, device makers, and app stores (no FOSS exemptions) to send age-related signals to developers; it does not, however, require ID checks. <br /><strong>App Store Accountability Acts</strong> in Texas, Utah, Louisiana and other states require app stores and developers to implement age verification; Apple and Google say compliance will require collecting personally identifiable data.</span></details></td>
<td class="lred"><details><summary><strong>Passwords no, biometrics yes</strong></summary> Passwords are protected by the Fifth Amendment and do not need to be disclosed. The situation for biometric unlocking is more disputed, but courts have generally allowed police to compel biometric unlocks (e.g. forcing a suspect's finger onto a phone or holding a device to their face), starting with cases like United States v. Dionisio (1973).</details></td>
<td class="yellow"><details><summary><strong>No bans, but devs punished</strong></summary> There is no ban on the use of anonymous payment methods such as Monero, but in the past developers of cryptocurrency software allowing for financial privacy and anonymity have been prosecuted in the name of anti-money laundering, e.g. 'US v. Storm' and 'US v. Rodriguez' targeting the developers of Tornado Cash, a privacy protocol that mixes cryptocurrency transactions to obscure their origin.</details></td>
<td class="green"><details><summary><strong>None</strong></summary> No comprehensive federal requirement for ISPs to retain connection logs or metadata for all users; any retention is voluntary, although proposals for mandatory logging have existed (e.g. SAFETY Act 2009). <span class="tooltip">CLOUD Act<span class="tooltiptext">requires US-based service providers to provide law enforcement with data stored on their servers, even if those servers are located outside the United States. However, it does not require companies to retain or log data that they would not otherwise maintain as part of their operations. It only governs access to data that a provider already stores.</span></span> and <span class="tooltip">PRISM<span class="tooltiptext">PRISM is the name of a US intelligence program, disclosed in 2013, which enables the NSA to collect internet communications from US-based tech companies. PRISM allows for the compelled disclosure of content or metadata held by providers when targeted at non-US persons outside the US.</span></span> are not data retention laws.</details></td>
<td class="green"><strong>No</strong></td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Government services such as Login.gov or ID.me support browser-based login with password + OTP (via SMS, email, or authenticator app), and no Android/iOS smartphone is mandatory for access or authentication.</details></td>
<td class="yellow"><details><summary><strong>Fair Use, but DMCA misuse</strong></summary> Broad, flexible exceptions allowing various uses (such as commentary, criticism, news reporting, teaching, scholarship, and research) based on four fairness factors (purpose, nature, amount, market impact). However, the <span class="tooltip">DMCA<span class="tooltiptext">Digital Millennium Copyright Act</span></span> has in the past been misused for censorship and "taking down" legal content, as content needs to be removed quickly and without proving copyright infringement.</details></td>
</tr>
<tr>
<td><span class="country">Canada</span> <span class="flag">🇨🇦</span><br /><span class="update">Last updated: 2025.11.21</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary>Mostly relating to vaguely defined <strong>'hate speech'</strong> and <strong>Holocaust denial</strong> in Criminal Code §318 & §319
<br /><span class="blue">Proposed Bill C-9 (2025) would also ban the display of Nazi and Hamas symbols and widen the definition of 'hate speech', particularly relating to anti-religious offences.</span>
<br /><span class="smaller">(+ failed laws like Bill C-36 (failed in 2021) or <span class="tooltip">Bill C-63 (failed in 2025))<span class="tooltiptext" style="font-size: 120%;">This bill would have included a maximum penalty of life imprisonment for hate crime offences, including non-violent speech offences such as 'hate propaganda'.</span></span></span></details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary> In the past, ISPs have been ordered to block websites associated with <strong>copyright infringement</strong>, though major sites like Anna's Archive or The Pirate Bay remain available. <span class="tooltip">Critics also worry that the <strong>Online Streaming Act</strong> enables state control over what Canadians see online. <span class="tooltiptext">This act extends the Canadian Radio-television and Telecommunications Commission's regulation to online streaming platforms like YouTube, Netflix, TikTok, and Spotify, requiring them to promote and recommend Canadian content. A central controversy is the perceived risk of government censorship and overreach. Critics worry about giving the CRTC authority to influence algorithms and content recommendations.</span></span></details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">Bill C-26, centered on cybersecurity and expanding surveillance powers, passed the Parliament and reached Senate review in June 2024. Senate found technical flaws and amended it, sending it back to the House of Commons. As of July 2025, it has not yet become law and remains subject to legislative review and correction.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">Bill S-209, aimed at mandatory age verification for access to online adult content, returned to the Senate for first reading in May 2025. Debate continues in Parliament with a focus on privacy and implementation challenges. The bill has not yet been enacted.</span></details></td>
<td class="green"><strong>None</strong></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Canadian users due to KYC and other regulations, even though it's not banned per se. Also, Justin Trudeau's Emergency Act granted the government the power to restrict cryptocurrency transactions, including Monero, as part of efforts to curb funding for the Freedom Convoy protests. It did, however, not constitute an outright ban of Monero or other cryptocurrencies.</details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No</strong></td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Government services such as GCKey or Sign-In Partner support browser-based login with password + OTP (via SMS, email, or authenticator app), and no Android/iOS smartphone is mandatory for access or authentication.</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Use permitted only if it falls into prescribed categories (e.g., research, private study, criticism, review, news reporting, education, parody, satire). More restrictive than US.</details></td>
</tr>
<tr>
<td><span class="country">Australia</span> <span class="flag">🇦🇺</span><br /><span class="update">Last updated: 2026.01.22</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Mostly relating to vaguely defined <strong>'hate speech'</strong> and <strong>showing National Socialist symbols</strong>, such as the <strong>Racial Discrimination Act 1975</strong> and the <span class="tooltip"><strong>Criminal Code Amendment (Hate Crimes) Bill 2025</strong><span class="tooltiptext">"The laws at both federal and NSW levels aim to curb hate-fueled violence, particularly against Jewish Australians. They criminalize advocating force or violence against protected groups, toughen penalties for Nazi-related symbolism, and even impose mandatory minimum sentences for some offenses.<br /><br />The new laws stretched the rules in ways that might make civil liberties advocates nervous. Previously, to be charged with urging violence against a group, prosecutors had to prove intent. Now? Recklessness will do. This means you don't have to actually intend for violence to happen — just failing to consider the possibility could land you in serious trouble.<br /><br />The law also takes a broad approach to Nazi symbolism. Displaying a swastika was already illegal in some contexts, but now similar prohibitions apply to a range of extremist symbols, with penalties jumping from one year in prison to five. And if you're caught making a "Nazi salute?" Enjoy your 12-month mandatory minimum sentence." - <a href="https://reclaimthenet.org/sydney-terror-hoax-hate-crime-laws-overreach" target="_blank" style="color: white;">Reclaim The Net</a></span></span>. The <strong>Combatting Antisemitism, Hate and Extremism Bill 2026</strong>, passed in 01/26, <span class="tooltip">significantly restricts speech in ways that are <a href="https://reclaimthenet.org/australia-passes-new-hate-speech-law" target="_blank">dangerous and unusual</a>. 
<span class="tooltiptext">It criminalizes public conduct or expression (including online) if it would cause a 'reasonable person' to feel intimidated or harassed, without requiring proof of actual harm, real victims, or incitement to violence. The law shifts the burden of proof onto the accused for certain offenses (like displaying prohibited hate symbols), forcing them to justify exemptions. Furthermore it empowers the government to blacklist so-called hate groups based on executive discretion, and (even retroactively) punishes mere association, membership, or support with up to 15 years in prison. This goes far beyond typical hate speech laws in other countries, which usually demand intent to incite hatred or violence and include stronger safeguards for political, academic, or journalistic expression, making this bill exceptionally broad, subjective, and restricting free speech.</span></span></details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> The <strong>Australian Communications and Media Authority (ACMA)</strong> has the power to enforce content restrictions on Internet content hosted within Australia, and maintain a blocklist of overseas websites. The <strong>eSafety Commission</strong> can order the removal of 'harmful' content and block access to certain websites, which in the past included archive.org and specific videos deemed inappropriate, such as violent incidents shared on platforms like X <a href="https://reclaimthenet.org/bishop-mar-mari-emmanuel-returns" target="_blank">[1]</a>, <a href="https://reclaimthenet.org/australia-threatens-x-fines-over-zarutska-video" target="_blank">[2]</a>. In the past, ISPs have also been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay). Indirect censorship through the <strong>Online Safety Act</strong> which requires age verification for accessing potentially 'harmful' content.</details></td>
<td class="red"><details><summary><strong>Yes (backdoor on demand)</strong></summary>The <strong>Assistance and Access Act 2018</strong> allows intelligence and police agencies to issue notices compelling technology companies to cooperate in building backdoor access. For example, the government demanded that Signal create a backdoor for them, which Signal has so far refused.</details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary> Social media firms are expected per eSafety guidance to block VPNs as they can be used to bypass Australia’s under-16 ban. In practice, platforms may have to blacklist VPN-associated IPs because they can't prove a VPN user isn't an Australian under 16. Alternatively, they would need to cross-check an account's historical IPs and collected location data in order to detect and block VPN use for Australians only.</details></td>
<td class="red"><details><summary><strong>Age verification</strong></summary> The <strong>Online Safety Bill 2024</strong> mandates age verification to restrict the use of social media by minors under the age of 16. Furthermore, age verification requirements have been extended to YouTube and search engines like Google and Bing.</details></td>
<td class="red"><details><summary><strong>Yes</strong></summary> The <strong>Cybercrime Act 2001</strong> grants police with a magistrate's order the wide-ranging power to require "a specified person to provide any information or assistance that is reasonable and necessary to allow the officer to access computer data that is 'evidential material'"; this is understood to include mandatory decryption. Failing to comply carries a penalty of 6 months' imprisonment.</details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Australian users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="red"><details><summary><strong>Yes (24 months)</strong></summary> The <strong>Data Retention Act 2015</strong> requires retention of ISP metadata (such as IPs, connection logs, or browsing history), email and telephony metadata (including mobile phone locations) for 2 years.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="red"><details><summary><strong>Limited support</strong>, iOS/Android/AOSP required</summary> For certain government tasks requiring strong authentication (e.g. ATO linkage, DIN), you either need the <strong>myID app on an Android/iOS smartphone</strong> or must handle the process in-person. For now, the <span class="tooltip">myID app<span class="tooltiptext">not to be confused with the Australian myGov app, which enforces strong Play Integrity checks and therefore will not run on non-stock Android; however, this app is not required for authentication, and its features are available in the web portal</span></span> seems to be working on non-stock Android systems such as LineageOS or GrapheneOS, and it is unclear if it requires Play Services / microG, but it is <span class="tooltip">only available on the Play Store, which requires a Google account<span class="tooltiptext">A possible workaround is using Aurora Store to download the app from Play Store without a Google account, but it is not officially supported.</span></span>.</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Only allowed for specified purposes such as research, criticism, review, news reporting, parody/satire, professional advice, or education. Additional exceptions are very situation-specific and narrowly crafted.</details></td>
</tr>
<tr>
<td><span class="country">U.K.</span> <span class="flag">🇬🇧</span><br /><span class="update">Last updated: 2026.01.16</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Illegal speech includes vaguely defined <strong>'hate speech'</strong>, <span class="tooltip"><strong>anti-immigration speech</strong><span class="tooltiptext">In 2025, the UK government has deployed a <strong>"social media surveillance unit"</strong> for monitoring social media for anti-immigrant posts.</span></span>, <strong>speech likely to cause 'distress'</strong>, <strong>'indecent' or 'offensive' speech</strong>, <strong>'false' or 'misleading' information</strong>, <strong>obscenity</strong>, <strong>insults</strong>, <span class="tooltip"><strong>advocating against the monarchy</strong><span class="tooltiptext">Treason laws prohibit advocating the abolition of the monarchy or imagining the death of the monarch.</span></span>, <span class="tooltip"><strong>blaspheming Islam</strong><span class="tooltiptext"><a href="https://www.spectator.co.uk/article/england-now-has-a-blasphemy-law/" target="_blank" style="color: white;">"England now has a blasphemy law" - The Spectator</a> - There is no official blasphemy law criminalizing criticism of Islam or Muslims. However, concerns have grown over recent prosecutions for actions deemed offensive to Islam (e.g., Quran burning) under existing public order and hate crime laws. Multiple high-profile cases and political discussions suggest a de facto return to blasphemy law principles via prosecution tactics, but no explicit blasphemy legislation has been passed as of July 2025.<br /><br />Furthermore, anti-Islam activists such as Ryan Williams and Tommy Robinson have been asked by police to unlock their phones and charged under Schedule 7 of the <strong>Terrorism Act 2000</strong>.</span></span>, and <span class="tooltip">more<span class="tooltiptext">e.g. UK laws on defamation are among the strictest in the western world, imposing a high burden of proof on the defendant</span></span>. 
The most important laws are the <span class="tooltip">Malicious Communications Act 1988<span class="tooltiptext">Prohibits sending letters, electronic communications, or articles with the purpose to cause distress or anxiety by conveying messages that are indecent, grossly offensive, or false (known or believed to be false by sender). Covers hate speech that is racially or religiously motivated. Jurisprudence may interpret any pro-White or nationalist sentiments as incitement, even benign expressions like "Love your Nation" or "It's OK to be White" (e.g., in the case of Samuel Melia). Criminalizes any malicious communications in general, including insults. Prison sentences up to 2 years possible.</span></span>, the <span class="tooltip">Hate Crime and Public Order (Scotland) Act<span class="tooltiptext">Addresses stirring up hatred on grounds such as race, religion, sexual orientation. Covers threatening communications that stir up religious hatred. Includes offences related to behaviour causing breach of the peace aggravated by racial or religious hatred.</span></span>, and the <span class="tooltip">Online Safety Act 2023 (particularly §179)<span class="tooltiptext">Enforces investigations and regulation of harmful online content, including disinformation. Section 179 establishes offence of false communications<br /><br />"Section 179 criminalizes knowingly false communications intended to cause "non-trivial psychological or physical harm." The wording here is as vague as it is dangerous. What qualifies as 'non-trivial psychological harm'? If the government decides that criticisms of its handling of the grooming gang scandal cause emotional distress to MPs—or, conveniently, to the public—it could label them as harmful misinformation. Knowing the penalties—up to 51 weeks in prison and unlimited fines—citizens may think twice before questioning the government on sensitive issues. And that's the goal: silence through fear." 
- [need to find source for quote]</span></span>, but this is not a comprehensive list. Furthermore, police record <strong>non-crime hate incidents</strong> (NCHIs), which are classified as legal speech but still remain on police records and may appear in background checks.</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> In the past, ISPs have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay) or <strong>Russian government propaganda</strong> (e.g. RT). Indirect censorship through the <strong>Online Safety Act</strong> which requires removal of speech that could be illegal in the UK as well as age verification for accessing <span class="tooltip">potentially 'harmful' content<span class="tooltiptext">including: Sexually explicit content. Content which encourages, promotes or provides instructions for: suicide, deliberate self-injury, or disordered eating or behaviors associated with an eating disorder. Content which is abusive or incites hatred against people by targeting any of the following characteristics: race, religion, sex, sexual orientation, disability, or gender reassignment. Bullying content. Violent content which: encourages, promotes or provides instructions for an act of serious violence against a person, or depicts real or realistic serious violence against a person, an animal, or a fictional creature, including the graphic depiction of a serious injury. Content which encourages, promotes, or provides instructions for a challenge or stunt highly likely to result in serious injury to the person who does it or to someone else. Content which encourages a person to ingest, inject, inhale, or self-administer a physically harmful substance, or a substance in physically harmful quantity. Content that shames or otherwise stigmatises body types or physical features. Content that promotes or romanticizes depression, hopelessness and despair. Filesharing websites.</span></span>. Many UK-based websites were forced to close due to the OSA and/or have blocked UK IPs.</details></td>
<td class="red"><details><summary><strong>Yes (backdoor on demand)</strong></summary>The <strong>Investigatory Powers Amendment Bill</strong>, passed in 2024, expands the powers of the UK government to demand access to encrypted communications. The Online Safety Act, particularly Clause 122, allows Ofcom to compel companies to break end-to-end encryption, enabling mass surveillance of private communications. This law has been used against Apple, forcing them to <strong>stop offering iCloud end-to-end encryption</strong> in the UK and demanding a backdoor to access encrypted iCloud data for UK users. Furthermore, since 2026, the UK's <strong>Online Safety Act</strong> authorises Ofcom to require online platforms to deploy automated scanning systems (such as AI-driven content detection algorithms) that scan and analyse user messages, images, and videos on the client side before end-to-end encryption applies.</details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary> Advertising the use of VPNs can be illegal under the Online Safety Act. <span class="blue">The House of Lords (who to be fair don't have the power to make laws) <a href="https://reclaimthenet.org/uk-lawmakers-propose-mandatory-on-device-surveillance-and-vpn-age-verification" target="_blank">proposed</a> in 12/25 (HL Bill 135) to have mandatory age verification for VPNs.</span></details></td>
<td class="red"><details><summary><strong>Age verification & imprint obligation</strong></summary> The <strong>Online Safety Act 2023</strong> requires age verification for a variety of <span class="tooltip">'potentially harmful' content<span class="tooltiptext">Sexually explicit content. Content which encourages, promotes or provides instructions for: suicide, deliberate self-injury, or disordered eating or behaviors associated with an eating disorder. Content which is abusive or incites hatred against people by targeting any of the following characteristics: race, religion, sex, sexual orientation, disability, or gender reassignment. Bullying content. Violent content which: encourages, promotes or provides instructions for an act of serious violence against a person, or depicts real or realistic serious violence against a person, an animal, or a fictional creature, including the graphic depiction of a serious injury. Content which encourages, promotes, or provides instructions for a challenge or stunt highly likely to result in serious injury to the person who does it or to someone else. Content which encourages a person to ingest, inject, inhale, or self-administer a physically harmful substance, or a substance in physically harmful quantity. Content that shames or otherwise stigmatises body types or physical features. Content that promotes or romanticizes depression, hopelessness and despair.</span></span> (not just limited to sexually explicit content). <span class="blue">As of 12/25, the UK government wants to 'encourage' Google and Apple to have <a href="https://reclaimthenet.org/uk-demands-nude-image-blocking-on-devices" target="_blank">mandatory client-side scanning of photos and videos</a> using AI on all smartphones and block all nudity unless the user has verified themselves as an adult.
The House of Lords (who to be fair don't have the power to make laws) furthermore <a href="https://reclaimthenet.org/uk-lawmakers-propose-mandatory-on-device-surveillance-and-vpn-age-verification" target="_blank">proposed</a> (HL Bill 135) to ban all users from social media unless they have verified their age to be 16+, similar to the situation in Australia.</span> The <strong>Electronic Commerce (EC Directive) Regulations 2002</strong> have imprint obligations not just for commercial websites, but even for private websites with a small commercial element such as advertising banners.</details></td>
<td class="red"><details><summary><strong>Yes</strong></summary> The <strong>Regulation of Investigatory Powers Act 2000</strong> gives UK authorities the power to compel the disclosure of encryption keys or the decryption of encrypted data. Refusal to comply can result in a maximum sentence of two years' imprisonment, or five years in cases involving national security or child indecency.</details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for British users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary> The <strong>Investigatory Powers Act 2016</strong> requires retention of ISP metadata (such as IPs, connection logs, or browsing history), email and telephony metadata (including mobile phone locations) for 1 year.</details></td>
<td class="green"><strong>No</strong></td>
<td class="dred"><details><summary><strong>May need Google or Apple account & device</strong></summary> Government services such as GOV.UK One, HMRC, and NHS support <strong>browser-based login with password + OTP</strong> (via SMS or authenticator app), so an Android/iOS smartphone is not required for normal sign-in. However, to verify your identity or register a new company, you need to use the <strong>GOV.UK One Login Android/iOS app</strong>, or alternatively you can <a href="https://www.gov.uk/using-your-gov-uk-one-login/proving-your-identity" target="_blank">verify your identity in person at a post office, or answer security questions online</a> (depends on credit-reference data held by Experian, which might not work if your credit history is sparse or you don't have a UK bank account). Hence, <strong>while not strictly mandatory, the GOV.UK One Login app is the main route for identity verification.</strong> The <strong>Android app <a href="https://github.com/alphagov/govuk-mobile-android-app/issues/342" target="_blank">uses Play Integrity</a> and is only available from Google Play</strong>, and therefore requires a Google account and a phone with unmodified Android (incompatible with open source Android distributions like GrapheneOS or LineageOS, which fail Play Integrity). Furthermore, the government is planning to roll out a <strong>digital ID scheme</strong> ("Brit Card") for all citizens, which will most likely <strong>require an Android/iOS app</strong> with yet to be determined alternatives for people without a smartphone.</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Permitted uses limited to research, private study, criticism, review, news reporting, parody, caricature, pastiche, and quotation. Other uses require permission.</details></td>
</tr>
<tr>
<td><span class="country">Germany</span> <span class="flag">🇪🇺 🇩🇪</span><br /><span class="update">Last updated: 2026.01.16</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Illegal speech includes vaguely defined <strong>'hate speech'</strong> (Penal Code §130) (<span class="tooltip">including "liking" a post<span class="tooltiptext">see LG Meiningen, Beschl. v. 05.08.2022, 6 Qs 146/22</span></span>), <strong>insulting religions</strong> (Penal Code §166), <strong>Holocaust denial</strong> (Penal Code §130, §189), <strong>insults</strong> (Penal Code §185), <span class="tooltip"><strong>insulting politicians</strong><span class="tooltiptext"> including cases where people were prosecuted (though unclear if convicted) for bagatelles like calling Robert Habeck an "imbecile", Ricarda Lang "fat", or Andy Grote a "penis"</span></span> (Penal Code §188), <span class="tooltip"><strong>National Socialist symbols and phrases</strong><span class="tooltiptext">technically it refers to the Dissemination of Means of Propaganda of Unconstitutional Organizations, or Use of Symbols of Unconstitutional Organizations, but in practice this does not just refer to things like a Swastika flag but can even result in convictions for seemingly harmless phrases like 'Alles für Deutschland' (Everything for Germany)</span></span> (Penal Code §86), <strong>disparagement of the President or the State and its symbols</strong> (Penal Code §90), <strong>revealing someone's biological sex or birth name</strong> (Self-Determination Act) or <span class="tooltip"><strong>misgendering</strong> them<span class="tooltiptext">Decision Landgericht Frankfurt a.M. 18.07.2024, Az. 2-03 O 275/24</span></span>, and <span class="tooltip">more<span class="tooltiptext">e.g. German laws on defamation are very strict, imposing a high burden of proof on the defendant</span></span>.</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> In the past, ISPs have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay), <strong>Russian government propaganda</strong> (e.g. RT), and <strong>far-right politics</strong>. The <strong>NetzDG</strong> requires social media platforms to remove illegal speech within strict timeframes and imposes fines for non-compliance. This law effectively forces social media companies to over-censor and remove even legal speech. The EU's <strong>Digital Services Act</strong> creates an obligation for platforms to take action in the form of 'content moderation' against not just illegal content, but also legal but 'harmful' content such as 'disinformation' (<a href="https://norberthaering.de/propaganda-zensur/dsa-verfassungsbeschwerde/" target="_blank">including truthful information</a>, as a Berlin court ruled) or 'negative effects on civic discourse or elections'. In the future it will also require age verification from many websites, leading to further de facto censorship. In 12/2025, the EU Commission fined X €120m for spurious 'transparency failures' under the DSA, which <a href="https://reclaimthenet.org/eu-fines-elon-musks-x-140-million-amid-free-speech-clash" target="_blank">has been interpreted</a> as a punishment for not censoring enough.</details></td>
<td class="yellow"><details><summary><strong>Potential backdoors, and proposed</strong></summary><strong>eIDAS Art. 45</strong>, an EU regulation, can act as a potential backdoor by obliging browsers to trust government-designated certificate authorities, which could technically allow lawful man-in-the-middle interception of HTTPS traffic. So far, no major browser has implemented Art. 45 QWAC support as envisioned, and open-source and non-EU browsers can largely ignore it.<br /><span class="blue">Various EU proposals, including the <span class="tooltip"><strong>ProtectEU strategy</strong><span class="tooltiptext">The ProtectEU strategy and related Roadmap are at the initial policy stage, aiming to provide law enforcement with "lawful and effective" access to encrypted data. As of July 2025, no legislative bill has been passed, but the Commission’s plan has raised alarm among privacy advocates</span></span> and the <span class="tooltip"><strong>HLG Recommendations on 'Access to Data for Effective Law Enforcement'</strong><span class="tooltiptext">The EU's High Level Group’s recommendations - including weakening end-to-end encryption and regulating VPNs - are not legally binding but inform legislative proposals. No formal law has passed as of July 2025, but these recommendations continue to shape digital policy debates.</span></span> aim to ban end-to-end encryption or mandate backdoors or circumvent it using client-side scanning. <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><strong>"Chat Control 2.0"</strong></a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">was approved by the EU Council on 2025.11.26</a>.
While earlier versions included mandatory client-side scanning to circumvent end-to-end encryption in chats, the final version made it 'voluntary'; however, companies are encouraged to do 'voluntary' scanning of private messages, as it would give them legal certainty. Furthermore, a planned Commission review in 3 years could lead to mandatory scanning for some providers. National authorities may force 'high-risk' services to adopt risk-mitigation tech such as client-side scanning. The EU Parliament still needs to approve Chat Control with an expected vote in H1 2026. </span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Age verification & imprint obligation</strong></summary> <strong>§5 TMG</strong> prescribes imprint obligations not just for commercial websites, but also for private websites with a small commercial element such as advertising banners. The EU's <strong>Digital Services Act</strong> will require mandatory age verification to access 'potentially harmful' content online. It also requires social media platforms to supply the government with the identity of people publishing 'harmful' (but mostly legal) opinions; 90% of the requests received by X in 2024 came from Germany. Since 12/2025, an amendment to the <strong>Youth Protection Act (JMStV)</strong> mandates that content harmful to minors must be restricted to adults, requiring age verification. <span class="blue"><a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><strong>"Chat Control 2.0"</strong>,</a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">approved by the EU Council on 2025.11.27</a> but not yet voted on by the EU Parliament, would also require age or ID verification for creating an email or messenger account. Furthermore, the <a href="https://reclaimthenet.org/eu-parliament-votes-for-mandatory-digital-id-and-age-verification-threatening-online-privacy" target="_blank">EU Parliament on 2025.11.27 approved <strong>report A10-0213/2025</strong>, proposing mandatory recurring age verification</a> (every 3 months) for social media, video platforms and AI chatbots. While this was only a non-binding resolution (i.e. it does not have direct legal force or become national law) it is still expected to significantly influence national policies and EU regulatory development.</span></details></td>
<td class="lred"><details><summary><strong>Passwords no, biometrics yes</strong> </summary> German law distinguishes between biometric data and passwords. Forcing biometric unlocks is more likely to be considered permissible because it involves physical evidence, whereas compelling a password may infringe on the right against self-incrimination. However, case law on this is limited and evolving. A 2019 case in Bavaria allowed police to use a suspect's fingerprint to unlock a phone, though the decision was controversial and not universally binding. Unlocking a cell phone by forcibly placing a defendant's finger on the phone's fingerprint sensor was ruled legal in 2025 by a court (OLG Bremen ruling Ref. 1 ORs 26/24 8.1.25) and police are also allowed to take fingerprints and attempt to use them for unlocking a device later (LG Ravensburg AZ 2 Qs 9/23 jug.). <!--In addition, <strong>law enforcement is explicitly allowed to use malware ("Staatstrojaner" in order to get remote access to a suspect's device</strong>. In two states (Berlin and Mecklenburg-Vorpommern) <a href="https://www.heise.de/en/news/Berlin-Police-can-secretly-enter-homes-for-state-trojan-installation-11103284.html" target="_blank">police can even secretly enter homes to install the state trojan</a>.--></details></td>
<td class="lred"><details><summary><strong>Partially banned</strong></summary> Art. 79 of the EU's Anti-Money Laundering Regulation states that, starting in 2027, financial service providers such as banks and crypto exchanges are not allowed to handle privacy-preserving cryptocurrencies such as Monero. However, it will remain legal to hold, send and receive Monero in self-custodial wallets, and to accept Monero payments (e.g. VPN providers).</details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> Despite several attempts to introduce a data retention law (Vorratsdaten­speicherung) and passing parliament, it has been declared unconstitutional. There is currently no mandatory data retention in Germany. <span class="blue">An EU Council paper from 12/2025 (<a href="https://reclaimthenet.org/eu-revives-plan-for-year-long-data-retention" target="_blank">WK 16133/2025 INIT</a>) proposed a mandatory 1-year metadata retention (such as IP addresses and phone locations) that would apply not only to telecom operators but to nearly every major digital service, including cloud platforms, domain hosts, payment processors, and even end-to-end encrypted messengers such as WhatsApp and Signal</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="yellow"><details><summary><strong>Cross-platform</strong>, with open source app</summary> Some tasks requiring strong authentication require the AusweisApp, either on an Android/iOS smartphone with NFC support or on a desktop computer with a compatible USB smartcard reader. <strong>Linux is explicitly supported</strong> as a desktop OS. The <strong>AusweisApp is open source</strong> and has also been ported to FreeBSD and is available on F-Droid. While the smartcard reader is less convenient than the mobile app and has an upfront purchase cost, it is still possible to do everything without a smartphone or proprietary OS. <span class="dred">The upcoming <strong>EU Digital Wallet</strong> will only be available as an app for iOS and stock Android (requiring strong Play Integrity and Play Store), therefore making an Apple or Google account mandatory.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> No general fair use; only narrow, enumerated exceptions for uses such as quotation, research, criticism, and certain educational and private uses. The list is exhaustive and exceptions are strictly interpreted.</details></td>
</tr>
<tr>
<td><span class="country">France</span> <span class="flag">🇪🇺 🇫🇷</span><br /><span class="update">Last updated: 2026.01.16</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary>Mostly relating to vaguely defined <strong>'hate speech'</strong> (Gayssot Act 1990 & Law of 30 Dec 2004), <strong>Holocaust denial</strong>, as well as <strong>positive representation of drugs</strong> or incitement to their consumption (Penal Code §222-234 to §222-239) etc.</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> In the past, ISPs, as well as third-party DNS and VPN providers, have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. The Pirate Bay), <strong>Russian government propaganda</strong> (e.g. RT), and <strong>far-right politics</strong>. This law effectively forces social media companies to over-censor and remove even legal speech. The EU's <strong>Digital Services Act</strong> creates an obligation for platforms to take action in the form of 'content moderation' against not just illegal content, but also legal but 'harmful' content such as 'disinformation' or 'negative effects on civic discourse or elections'. The DSA also requires age verification from many websites, leading to further de facto censorship. There is strong <strong>government pressure on social media companies to censor</strong>; for example, Rumble was forced to block French IPs due to censorship demands (until an opposing court ruling in Oct 2025), the CEO of Telegram (Pavel Durov) was arrested in 2024 with the prosecutors alleging that censorship on Telegram was insufficient, and a French prosecutor classified X as an 'organised crime group' in 2025 for not censoring enough. In 12/2025, the EU Commission fined X €120m for spurious 'transparency failures' under the DSA, which <a href="https://reclaimthenet.org/eu-fines-elon-musks-x-140-million-amid-free-speech-clash" target="_blank">has been interpreted</a> as a punishment for not censoring enough.</details></td>
<td class="yellow"><details><summary><strong>Potential backdoors, and proposed</strong></summary><strong>eIDAS Art. 45</strong>, an EU regulation, can act as a potential backdoor by obliging browsers to trust government-designated certificate authorities, which could technically allow lawful man-in-the-middle interception of HTTPS traffic. So far, no major browser has implemented Art. 45 QWAC support as envisioned, and open-source and non-EU browsers can largely ignore it.<br /><span class="blue">Various EU proposals, including the <span class="tooltip"><strong>ProtectEU strategy</strong><span class="tooltiptext">The ProtectEU strategy and related Roadmap are at the initial policy stage, aiming to provide law enforcement with "lawful and effective" access to encrypted data. As of July 2025, no legislative bill has been passed, but the Commission’s plan has raised alarm among privacy advocates</span></span> and the <span class="tooltip"><strong>HLG Recommendations on 'Access to Data for Effective Law Enforcement'</strong><span class="tooltiptext">The EU's High Level Group’s recommendations - including weakening end-to-end encryption and regulating VPNs - are not legally binding but inform legislative proposals. No formal law has passed as of July 2025, but these recommendations continue to shape digital policy debates.</span></span> aim to ban end-to-end encryption or mandate backdoors or circumvent it using client-side scanning. <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><strong>"Chat Control 2.0"</strong></a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">was approved by the EU Council on 2025.11.26</a>.
While earlier versions included mandatory client-side scanning to circumvent end-to-end encryption in chats, the final version made it 'voluntary'; however, companies are encouraged to do 'voluntary' scanning of private messages, as it would give them legal certainty. Furthermore, a planned Commission review in 3 years could lead to mandatory scanning for some providers. National authorities may force 'high-risk' services to adopt risk-mitigation tech such as client-side scanning. The EU Parliament still needs to approve Chat Control with an expected vote in H1 2026. </span></details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary> In May 2025, a Paris court ordered several VPN providers to block access to hundreds of domains. The court classified the VPN providers as 'technical intermediaries', with the expectation that they have to monitor and restrict user access to banned content.</details></td>
<td class="red"><details><summary><strong>Age verification & imprint obligation</strong></summary> <strong>Loi pour la confiance dans l'économie numérique</strong> prescribes imprint obligations not just for commercial websites, but also for private websites with a small commercial element such as advertising banners. The EU's <strong>Digital Services Act</strong> will require mandatory age verification to access 'potentially harmful' content online, and France is trialling the implementation. Since 2025 (<strong>SREN Law</strong>), France requires age verification for accessing pornographic websites, and it is likely that this will expand to other websites with content deemed inappropriate for children. <span class="blue">A <a href="https://reclaimthenet.org/france-social-media-ban-under-15-digital-id-age-verification" target="_blank">proposed law</a> would ban under-15s from using social media from 09/26 onwards, <strong>requiring identity checks</strong> for all users. <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><strong>"Chat Control 2.0"</strong>,</a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">approved by the EU Council on 2025.11.27</a> but not yet voted on by the EU Parliament, would also require age or ID verification for creating an email or messenger account. Furthermore, the <a href="https://reclaimthenet.org/eu-parliament-votes-for-mandatory-digital-id-and-age-verification-threatening-online-privacy" target="_blank">EU Parliament on 2025.11.27 approved <strong>report A10-0213/2025</strong>, proposing mandatory recurring age verification</a> (every 3 months) for social media, video platforms and AI chatbots. While this was only a non-binding resolution (i.e. 
it does not have direct legal force or become national law) it is still expected to significantly influence national policies and EU regulatory development.</span></details></td>
<td class="red"><details><summary><strong>Yes</strong></summary> Article 30 of Law No. 2001-1062 of 15 Nov 2001 allows a judge or prosecutor to compel any qualified person to decrypt or surrender keys to make available any information encountered in the course of an investigation. Failure to comply with such a request can result in penalties, including three years of jail time and a fine of €45,000; if the compliance would have prevented or mitigated a crime, the penalty increases to five years of jail time and €75,000.</details></td>
<td class="lred"><details><summary><strong>Partially banned</strong></summary> Art. 79 of the EU's Anti-Money Laundering Regulation states that, starting in 2027, financial service providers such as banks and crypto exchanges are not allowed to handle privacy-preserving cryptocurrencies such as Monero. However, it will remain legal to hold, send and receive Monero in self-custodial wallets, and to accept Monero payments (e.g. VPN providers)</details></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary> Mandatory retention of ISP metadata (such as IPs, connection logs, or browsing history), email and telephony metadata (including mobile phone locations) for 1 year. <span class="blue">An EU Council paper from 12/2025 (<a href="https://reclaimthenet.org/eu-revives-plan-for-year-long-data-retention" target="_blank">WK 16133/2025 INIT</a>) proposed a mandatory 1-year metadata retention (such as IP addresses and phone locations) that would apply not only to telecom operators but to nearly every major digital service, including cloud platforms, domain hosts, payment processors, and even end-to-end encrypted messengers such as WhatsApp and Signal</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="red"><details><summary><strong>Limited support</strong>, iOS/Android/AOSP required</summary> For certain government tasks requiring strong authentication (e.g. tax filings, e-signatures), you need a certified <strong>FranceConnect+ app for Android/iOS</strong> such as France Identité and L'Identité Numérique La Poste. For now, these apps seem to be working on non-stock Android systems such as LineageOS or GrapheneOS, but they require Play Services / microG and are <span class="tooltip">only available on the Play Store, which requires a Google account<span class="tooltiptext">A possible workaround is using Aurora Store to download the app from Play Store without a Google account, but it is not officially supported.</span></span>. <span class="dred">The upcoming <strong>EU Digital Wallet</strong> will only be available as an app for iOS and stock Android (requiring strong Play Integrity and Play Store), therefore making an Apple or Google account mandatory.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Uses are only allowed if they fit an exhaustive list of exceptions (quotation, press review, private copy, educational use). No general fair use doctrine; exceptions are narrowly interpreted.</details></td>
</tr>
<tr>
<td><span class="country">Italy</span> <span class="flag">🇪🇺 🇮🇹</span><br /><span class="update">Last updated: 2026.01.21</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary> Illegal speech includes vaguely defined <strong>'hate speech'</strong> (Penal Code §604), <strong>Holocaust denial</strong> (Law 16 June 2016 n. 115), <strong>insulting religions</strong> (Penal Code §403), speech that is <strong><span class="tooltip">offensive to public morality<span class="tooltiptext">Laws prohibiting publications or performances offensive to public morality ("buon costume") do exist, but enforcement and prosecution for such offenses appear to be rare and not a high priority in practice</span></span></strong> (Penal Code §21), <strong>insulting the President</strong> (Penal Code §278)</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> In the past, ISPs as well as third-party DNS and VPN providers, have been ordered to block websites associated with <strong>copyright infringement</strong> (e.g. Anna's Archive, The Pirate Bay), <strong>Russian government propaganda</strong> (e.g. RT), and <strong>adult content</strong>. The <strong>'Piracy Shield'</strong> censorship framework targets piracy and sports streaming websites, but has also affected many innocent websites such as Google Drive. Italy <strong><a href="https://reclaimthenet.org/the-censors-strike-back-italys-crusade-against-the-open-internet" target="_blank">fined Cloudflare</a></strong> for not blocking worldwide access to piracy websites via their DNS resolver 1.1.1.1. <strong>archive.today/archive.is is DNS-blocked</strong> in Italy for copyright reasons (i.e. showing paywalled content). The EU's <strong>Digital Services Act</strong> creates an obligation for platforms to take action in the form of 'content moderation' against not just illegal content, but also legal but 'harmful' content such as 'disinformation' or 'negative effects on civic discourse or elections'. The DSA also requires age verification from many websites, leading to further de facto censorship. In 12/2025, the EU Commission fined X €120m for spurious 'transparency failures' under the DSA, which <a href="https://reclaimthenet.org/eu-fines-elon-musks-x-140-million-amid-free-speech-clash" target="_blank">has been interpreted</a> as a punishment for not censoring enough.</details></td>
<td class="yellow"><details><summary><strong>Potential backdoors, and proposed</strong></summary><strong>eIDAS Art. 45</strong>, an EU regulation, can act as a potential backdoor by obliging browsers to trust government-designated certificate authorities, which could technically allow lawful man-in-the-middle interception of HTTPS traffic. So far, no major browser has implemented Art. 45 QWAC support as envisioned, and open-source and non-EU browsers can largely ignore it.<br /><span class="blue">Various EU proposals, including the <span class="tooltip"><strong>ProtectEU strategy</strong><span class="tooltiptext">The ProtectEU strategy and related Roadmap are at the initial policy stage, aiming to provide law enforcement with "lawful and effective" access to encrypted data. As of July 2025, no legislative bill has been passed, but the Commission’s plan has raised alarm among privacy advocates</span></span> and the <span class="tooltip"><strong>HLG Recommendations on 'Access to Data for Effective Law Enforcement'</strong><span class="tooltiptext">The EU's High Level Group’s recommendations - including weakening end-to-end encryption and regulating VPNs - are not legally binding but inform legislative proposals. No formal law has passed as of July 2025, but these recommendations continue to shape digital policy debates.</span></span> aim to ban end-to-end encryption or mandate backdoors or circumvent it using client-side scanning. <a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><strong>"Chat Control 2.0"</strong>,</a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">was approved by the EU Council on 2025.11.26</a>. 
While earlier versions included mandatory client-side scanning to circumvent end-to-end encryption in chats, the final version made it 'voluntary'; however, companies are encouraged to do 'voluntary' scanning of private messages, as it would give them legal certainty. Furthermore, a planned Commission review in 3 years could lead to mandatory scanning for some providers. National authorities may force 'high-risk' services to adopt risk-mitigation tech such as client-side scanning. The EU Parliament still needs to approve Chat Control with an expected vote in H1 2026. </span></details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> Websites are not allowed to point towards VPNs as a means to avoid age verification.</details></td>
<td class="red"><details><summary><strong>Age verification</strong></summary> The EU's <strong>Digital Services Act</strong> will require mandatory age verification to access 'potentially harmful' content online, and Italy is trialling the implementation. Since 11/2025 (<strong>Caivano Decree</strong>), Italy requires age verification for accessing pornographic websites, and it is likely that this will expand to other websites with content deemed inappropriate for children. <span class="blue"><a href="https://www.patrick-breyer.de/en/reality-check-eu-council-chat-control-vote-is-not-a-retreat-but-a-green-light-for-indiscriminate-mass-surveillance-and-the-end-of-right-to-communicate-anonymously/" target="_blank"><strong>"Chat Control 2.0"</strong>,</a> <a href="https://reclaimthenet.org/eu-council-approves-new-chat-control-mandate-pushing-mass-surveillance" target="_blank">approved by the EU Council on 2025.11.27</a> but not yet voted on by the EU Parliament, would also require age or ID verification for creating an email or messenger account. Furthermore, the <a href="https://reclaimthenet.org/eu-parliament-votes-for-mandatory-digital-id-and-age-verification-threatening-online-privacy" target="_blank">EU Parliament on 2025.11.27 approved <strong>report A10-0213/2025</strong>, proposing mandatory recurring age verification</a> (every 3 months) for social media, video platforms and AI chatbots. While this was only a non-binding resolution (i.e. it does not have direct legal force or become national law) it is still expected to significantly influence national policies and EU regulatory development.</span></details></td>
<td class="green"><strong>None</strong></td>
<td class="lred"><details><summary><strong>Partially banned</strong></summary> Art. 79 of the EU's Anti-Money Laundering Regulation states that, starting in 2027, financial service providers such as banks and crypto exchanges are not allowed to handle privacy-preserving cryptocurrencies such as Monero. However, it will remain legal to hold, send and receive Monero in self-custodial wallets, and to accept Monero payments (e.g. VPN providers)</details></td>
<td class="red"><details><summary><strong>Yes (72 months)</strong></summary> Mandatory retention of ISP metadata (such as IPs, connection logs, or browsing history) and telephony metadata (including mobile phone locations) for 6 years. ISP metadata older than 1 year and telephony metadata older than 2 years can only be accessed to investigate terrorism cases. <span class="blue">An EU Council paper from 12/2025 (<a href="https://reclaimthenet.org/eu-revives-plan-for-year-long-data-retention" target="_blank">WK 16133/2025 INIT</a>) proposed a mandatory 1-year metadata retention (such as IP addresses and phone locations) that would apply not only to telecom operators but to nearly every major digital service, including cloud platforms, domain hosts, payment processors, and even end-to-end encrypted messengers such as WhatsApp and Signal</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="yellow"><details><summary><strong>Cross-platform</strong>, with open source app</summary> Some tasks requiring strong authentication require either the <strong>CieID app</strong> for Android/iOS or a desktop PC with compatible USB card reader. <strong>Linux is explicitly supported</strong> as a desktop OS. While the smartcard reader is less convenient than the mobile app and has upfront purchase cost, it is still possible to do everything without a smartphone or proprietary OS. The Android app requires Play Services / microG to work. <span class="dred">The upcoming <strong>EU Digital Wallet</strong> will only be available as an app for iOS and stock Android (requiring strong Play Integrity and Play Store), therefore making an Apple or Google account mandatory.</span></details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> No fair use; only limited statutory exceptions for private copying, education, and criticism, provided specific requirements are met.</details></td>
</tr>
<tr>
<td><span class="country">Switzerland</span> <span class="flag">🇨🇭</span><br /><span class="update">Last updated: 2025.12.23</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary> Penal Code §261bis prohibits <span class="tooltip">vaguely defined <strong>'hate speech'</strong><span class="tooltiptext">incitement, discrimination, racism, sexism, religious discrimination</span></span> as well as <span class="tooltip">anti-LGBT speech<span class="tooltiptext">cf. <a href="https://reclaimthenet.org/swiss-man-chooses-jail-over-fine-for-lgbt-speech-case" target="_blank">https://reclaimthenet.org/swiss-man-chooses-jail-over-fine-for-lgbt-speech-case</a></span></span> and <span class="tooltip"><strong>Holocaust denial or justification</strong><span class="tooltiptext">The wording of the law applies to all genocides, but in practice this is not the case: In 2015, the ECHR ruled in the case of Perinçek v. Switzerland that criminalizing the denial of the Armenian Genocide was an unnecessary restriction on freedom of expression. The ECHR made a distinction between the two, stating that Holocaust denial is "invariably seen as connoting an antidemocratic ideology and antisemitism", whereas the denial of the Armenian Genocide was deemed to be a matter of historical debate rather than a direct incitement to hatred.</span></span></details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary> <span class="tooltip">In the past, courts have ordered ISPs to block specific websites.<span class="tooltiptext">A notable example occurred in December 2007, when a magistrate in the canton of Vaud ordered Swiss ISPs to block access to three websites hosted in the USA that strongly criticized the Swiss judiciary and were prosecuted for defamation. ISPs were required to alter their DNS servers to block specific domains.</span></span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">A <a href="https://tuta.com/blog/switzerland-surveillance-plan" target="_blank">proposed (2025) update to the VÜPF/OSCPT surveillance law</a> would require VPN providers with >5,000 users to identify their users. In 12/25, it was announced that the law proposal will be revised following backlash, but there are no details yet on what will change.</span></details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">A <a href="https://tuta.com/blog/switzerland-surveillance-plan" target="_blank">proposed (2025) update to the VÜPF/OSCPT surveillance law</a> would require providers of email hosting, instant messaging, and social media with >5,000 users to identify their users. In 12/25, it was announced that the law proposal will be revised following backlash, but there are no details yet on what will change.</span></details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Yes (6 months)</strong></summary> The SPTA and OSCPT require the retention of ISP metadata (such as IPs, connection logs, or browsing history) and telephony metadata (including mobile phone locations) for 6 months. <span class="blue">A <a href="https://tuta.com/blog/switzerland-surveillance-plan" target="_blank">proposed (2025) update to the VÜPF/OSCPT surveillance law</a> would extend this requirement to email, instant messaging, and VPN providers with >5,000 users. In 12/25, it was announced that the law proposal will be revised following backlash, but there are no details yet on what will change.</span></details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, <span class="lred">but will be smartphone-only</span></summary> SwissID functions <strong>fully via browser</strong> for login and access to e-government services, with OTP or passkeys created on a desktop PC. The mobile app is not required. A new biometric ID card is planned for 2026, but current systems don't mandate Android/iOS phones. <span class="lred">In 2025, Swiss citizens voted for the introduction of a Digital ID. It has been confirmed that this will come in the form of a <strong>smartphone app called Swiyu which will only run on Android and iOS</strong>. A desktop app is not planned. The Android app will not require Play Integrity and will be made available outside of the Play Store. Therefore it will still <strong>work on open source Android distributions and without a Google account</strong></span>.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Permits limited exceptions for private use, quotation, education, and information reporting, but otherwise copyright is strictly enforced.</details></td>
</tr>
<tr>
<td><span class="country">Norway</span> <span class="flag">🇳🇴</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary> Penal Code §185 prohibits <strong>'discriminatory and hateful speech'</strong>, including the use of symbols. Maximum punishment of 3 years prison.</details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary> In the past, courts have ordered ISPs to <strong>block specific websites</strong>, such as The Pirate Bay. <span class="blue">The EU's <strong>Digital Services Act</strong> creates an obligation for platforms to take action in the form of 'content moderation' against not just illegal content, but also legal but 'harmful' content such as 'disinformation' or 'negative effects on civic discourse or elections'. The DSA also requires age verification from many websites, leading to further de facto censorship. Even though Norway is not an EU member, it is an EEA member and, even though the DSA has not yet been incorporated into the EEA Agreement, Norway is already in the process of implementing the DSA, expected to become law in mid-2026. This will lead to the same indirect censorship as mandated in the EU.</span></details></td>
<td class="green"><details><summary><strong>No bans</strong></summary>No current bans or mandatory backdoors. <span class="blue">As an EEA member, Norway may in the future have to adopt anti-encryption EU proposals like Chat Control 2.0 or eIDAS Art. 45.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">A 15-year age limit for social media in Norway with effective age verification (ID or biometrics) was proposed in 2024. As of January 2026, the law has not yet been formally enacted, but the government has signaled strong intent to move forward with it. The EU's <strong>Digital Services Act</strong> will require mandatory age verification to access 'potentially harmful' content online. Even though Norway is not an EU member, it is an EEA member and, even though the DSA has not yet been incorporated into the EEA Agreement, Norway is already in the process of implementing the DSA, expected to become law in mid-2026. </span></details></td>
<td class="red"><details><summary><strong>Yes</strong></summary> The Norwegian Criminal Procedure Act allows the police to require individuals to provide assistance in the investigation, including the decryption of encrypted devices (via password or biometrics). Refusing to provide a decryption key may result in consequences such as being held in contempt of court or being charged with obstruction of justice.</details></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Norwegian users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="lred"><details><summary><strong>IPs only (12 months)</strong></summary> Mandatory retention of IP allocation history for ISPs for 1 year, but no ISP connection logs or telephony metadata such as call logs and location history.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + token</summary> For certain e‑government tasks requiring the highest security level, you must identify yourself using BankID, Buypass ID, or Commfides. These IDs can be used via a mobile app (Android or iOS) or, alternatively, with a USB token, smart card with card reader, or code generator issued by a bank, depending on the chosen ID method.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Follows European approach: no fair use, only specific exceptions for quotation, education, private use, parody, etc. Uses outside these lists aren’t permitted.</details></td>
</tr>
<tr>
<td><span class="country">Iceland</span> <span class="flag">🇮🇸</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="red"><details><summary><strong>Restricted</strong></summary> <span class="tooltip">Penal Code §233 prohibits vaguely defined <strong>'hate speech'</strong>. <span class="tooltiptext">Anyone who publicly mocks, defames, denigrates or threatens a person or group of persons by comments or expressions of another nature, for example by means of pictures or symbols, for their nationality, colour, race, religion, sexual orientation or gender identity, or disseminates such materials, shall be fined or imprisoned for up to 2 years.</span></span> Insults are illegal as well per §234 but <span class="tooltip">the law is not applied in practice.<span class="tooltiptext">Insults are technically illegal in Iceland, Penal Code §234 under the section on Crimes against the Sanctity of Private Life. Punishable by fines or imprisonment up to one year. In practice however, the Icelandic Constitution makes that particular law toothless, due to the free expression clause. Speech crimes in general are very difficult to convict in Iceland because the courts have to prove that restricting the speech is "necessary and in accordance with democratic traditions". The state cannot initiate a prosecution, a private individual has to report it first. In total, about 30 people have been found guilty of insults in Iceland in as many years. In every case the punishment is simply to have your insult officially declared "dead and worthless." No jail time or fines have been issued.</span></span></details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary> In the past, courts have ordered ISPs to block specific websites, such as The Pirate Bay. <span style="background-color: white;">The EU's <strong>Digital Services Act</strong>, which would lead to indirect censorship, has not yet been incorporated into the EEA Agreement. Iceland's implementation process has not started, with no legislative progress or established timelines. However, Icelandic law might have to align with the EU's censorship framework in the future.</span></details></td>
<td class="green"><details><summary><strong>No bans</strong></summary>No current bans or mandatory backdoors. <span class="blue">As an EEA member, Iceland may in the future have to adopt anti-encryption EU proposals like Chat Control 2.0 or eIDAS Art. 45.</span></details></td>
<td class="green"><strong>No bans</strong></td>
<td class="green"><details><summary><strong>No</strong></summary>The EU's <strong>Digital Services Act</strong>, which would lead to mandatory age verification to access 'potentially harmful' content, has not yet been incorporated into the EEA Agreement. Iceland's implementation process has not started, with no legislative progress or established timelines. However, Icelandic law might have to align with the EU's age verification framework in the future.</details></td>
<td class="green"><strong>None</strong></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Icelandic users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No</strong></td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Most people use the <strong>Auðkenni mobile app</strong> for authentication, but the <strong>SIM-based electronic ID (MobileID)</strong> serves as an alternative and works on dumbphones as well. However, SIM e-ID requires an Icelandic phone number, which can be inconvenient and costly for people living abroad. eSIMs will not work, as authentication is done through SIM-based e-IDs rather than simple SMS OTP.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Follows European approach: no fair use, only specific exceptions for quotation, education, private copying, etc. Uses outside these lists aren’t permitted.</details></td>
</tr>
<tr>
<td><span class="country">Russia</span> <span class="flag">🇷🇺</span><br /><span class="update">Last updated: 2025.12.05</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Illegal speech includes vaguely defined <strong>'hate speech'</strong>, <strong>'extremist' political positions</strong>, <strong>'humiliation of human dignity'</strong>, disseminating <strong>'unreliable' information and 'disinformation'</strong>, <strong>discrediting the Russian Army</strong> (including criticism of the invasion of Ukraine or the actions of the Soviets in WW2), <strong>Holocaust denial</strong> and <strong>'rehabilitating' National Socialism</strong>. Most important laws are §280, §282 and §354 of the Penal Code, but this is not a comprehensive list.</details></td>
<td class="dred"><details><summary><strong>Pervasive censorship</strong></summary> <strong>Pervasive censorship and blocking</strong> (including deep packet inspection), especially since the 2022 invasion of Ukraine. <strong>Russians face fines for 'deliberately searching' online</strong> for <span class="tooltip">'extremist materials'<span class="tooltiptext">As of 09/2025, this includes more than 5,000 resources from an ever-growing blacklist compiled by the Ministry of Justice. Examples include a book by opposition leader Alexei Navalny, who died in prison in 2024, and Ukrainian songs.</span></span>. The Russian government has increasingly tightened its grip on the internet, especially in response to political protests and dissent. Blocked websites and apps include YouTube, Facebook, Instagram, X/Twitter, Rumble, Archive.to, Signal, SimpleX, Discord, Snapchat, Roblox, FaceTime, and calls on WhatsApp and Telegram.</details></td>
<td class="dred"><details><summary><strong>Yes (banned <span style="white-space: nowrap;">w/o</span> backdoor)</strong></summary> The Yarovaya Law requires encryption backdoors. Russia restricts the use of end-to-end encrypted services that do not provide authorities with access to decrypted data, hence E2EE services are de facto banned in Russia. Most recently, TLS 1.3, ESNI, DNS over HTTPS (DoH), and DNS over TLS (DoT) have been banned. </details></td>
<td class="dred"><details><summary><strong>Mostly blocked, use is illegal</strong></summary> Yarovaya Law (2016): VPNs must identify their users and keep logs. VPN apps forced to be removed from app stores. Illegal to advertise VPNs, with fines even for individuals for 'promoting' VPNs. VPN connections are blocked, employing deep packet inspection. VPN users can be fined.</details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">A proposed Russian law from 10/2025 plans to mandate the use of the state's biometric and e-government systems for mandatory age verification to access all adult or 'potentially harmful' online content; this measure broadly defines restricted content and would require users to authenticate their government identity each time, effectively eliminating online anonymity. </span></details></td>
<td class="yellow"><details><summary><strong>De jure no, de facto maybe</strong></summary> There is no specific, publicly documented Russian law. However, since 2019 all smartphones and computers sold in Russia must come with pre-installed Russian software, which most likely facilitates government access to these devices anyway. In practice, Russian authorities operate with significant leeway, and refusal to unlock a device or decrypt data can lead to serious consequences, even without an explicit legal mandate. Authorities may interpret refusal as suspicious behaviour, leading to prolonged detention or charges under vague laws like "obstructing law enforcement" or "extremism". While you may not be legally required to decrypt your data, the question is: do you feel lucky?</details></td>
<td class="red"><details><summary><strong>Banned commercially</strong></summary> Since 2022, "it is prohibited to transfer or accept digital financial assets as a consideration for transferred goods, performed works, rendered services, as well as in any other way that allows one to assume payment for goods (works, services) by a digital financial asset" (i.e. cryptocurrencies). It remains technically legal to own cryptocurrencies or use them in non-commercial contexts.</details></td>
<td class="red"><details><summary><strong>Yes (36 months)</strong></summary> The <strong>Yarovaya Law 2016</strong> requires retention of ISP metadata (such as IPs, connection logs, or browsing history), email and telephony metadata (including mobile phone locations) and even VPN logs for 3 years.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Browser login to Gosuslugi works with password + OTP, and no Android/iOS app is required for authentication.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Uses must fall within a strictly defined list of statutory exceptions, such as quotation, news reporting, and personal use. No general fair use principle.</details></td>
</tr>
<tr>
<td><span class="country">Brazil</span> <span class="flag">🇧🇷</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Illegal speech includes loosely defined <strong>'hate speech'</strong> (which includes racism, sexism, <a href="https://reclaimthenet.org/brazil-to-prosecute-gender-speech-offenses-and-track-online-dissent" target="_blank">transphobia</a> etc., and <span class="tooltip">not just incitement but also slurs and jokes<span class="tooltiptext">which can end with prison sentences, e.g. 8 years for comedian Leo Lins</span></span>) (Penal Code §20), <strong>insulting or mocking a religion</strong> (Penal Code §208), <strong>justifying a crime</strong> (Penal Code §287), and <strong>insulting a public official</strong> (Penal Code §331)</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> In the past, courts have ordered ISPs to block specific websites, mainly for the purpose of <strong>political censorship</strong>. Social media websites must swiftly remove posts that contain 'hate speech', incite violence, or promote so-called 'anti-democratic acts' as soon as they are flagged, sidestepping the need for a court order. Rumble was forced to block Brazilian users due to censorship demands, whereas X/Twitter was blocked by Brazilian ISPs in 2024 (with a threat of fine for any Brazilians accessing X through a VPN) until they caved in to Brazilian censorship demands. WhatsApp and Telegram were previously banned for similar reasons.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="yellow"><details><summary><strong>Not currently, but bans possible</strong></summary> In 2024, VPN apps were banned from the Apple App Store and Play Store. People found using a VPN to access X could be prosecuted and fined. These restrictions have since been lifted. This ban was enacted by Supreme Court Justice Alexandre de Moraes rather than through an act of legislation, meaning that such a VPN ban can happen again at any time.</details></td>
<td class="red"><details><summary><strong>Age verification</strong></summary> The <strong>"Adultization Bill"</strong> (2025) requires mandatory age verification for all digital platforms with regard to 'inappropriate' content (e.g. sexual content, harassment, violence, self-harm, gambling).</details></td>
<td class="green"><strong>None</strong></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Yes (12 months)</strong></summary> Mandatory retention of ISP metadata (such as IPs, connection logs, or browsing history) and telephony metadata (call records, SMS metadata, location history) for 1 year.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="dred"><details><summary><strong>May need Google or Apple account & device</strong></summary> Browser login to gov.br works with password + OTP, but for many sensitive tasks including digital signatures and tax filings a "Gold" status on gov.br is needed. This is usually attained through the <strong>gov.br Android/iOS app</strong>. An alternative way to attain Gold status is <strong>buying a digital certificate</strong>, which is stored on a computer or smartcard. Digital certificates cost a fee of R$50-300 per year, expire after 1-3 years and require an appointment for identity validation (in person or by video call) and are therefore very inconvenient compared to the smartphone app. The <strong>gov.br Android app uses Play Integrity and is only available from Google Play</strong>, and therefore requires a Google account and a phone with unmodified Android (incompatible with open source Android distributions like GrapheneOS or LineageOS, which fail Play Integrity).</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Exceptions are limited to those expressly listed in statute (quotation, private copying for personal use, etc.), with interpretation strictly applied.</details></td>
</tr>
<tr>
<td><span class="country">India</span> <span class="flag">🇮🇳</span><br /><span class="update">Last updated: 2026.01.02</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Illegal speech includes vaguely defined <strong>'hate speech'</strong> (Penal Code §153A, <a href="https://reclaimthenet.org/karnataka-enacts-indias-first-hate-speech-law" target="_blank">Karnataka Hate Speech and Hate Crimes (Prevention) Bill 2025</a>), <strong>insulting religions</strong> (Penal Code §295A & §298), <strong>contempt or exciting disaffection against the government</strong> (Penal Code §124A), <strong>damaging public order or friendly relations with foreign states</strong>, <strong>damaging 'decency or morality'</strong>, <strong>incitement to an offense</strong> (all Constitution §19(2)), and <strong>activities that threaten the sovereignty or integrity of India</strong> (Unlawful Activities (Prevention) Act)</details></td>
<td class="red"><details><summary><strong>Widespread censorship</strong></summary> §69A of the Information Technology Act 2000 allows the government to block public access to any information in the interest of sovereignty, integrity, national security, friendly relations with foreign states, or public order. The IT Ministry can make content-blocking orders to social media companies (e.g. X was ordered to block thousands of accounts in 2025) and ISPs are frequently ordered to block websites (e.g. a court ordered the blocking of Protonmail in 2025). In September 2025, Karnataka High Court held that X, as a foreign entity, cannot claim protection under India's constitutional guarantee of free speech, reinforcing the state's authority to compel online platforms to take down online speech.</details></td>
<td class="red"><details><summary><strong>Yes (backdoor on demand)</strong></summary> §69 of the Information Technology Act 2000 and Article 19(2) of the Indian constitution have been interpreted by the courts to empower the government to order the decryption and interception of any message. In 2023, 14 apps offering E2EE messaging were banned, though the government has not provided a clear legal framework or blocking orders for these actions. WhatsApp (India's most popular messaging app) and other companies have resisted demands for a backdoor so far.</details></td>
<td class="yellow"><details><summary><strong>Not banned, but restrictions</strong></summary> VPN servers located in India must collect and retain user data, but there is no ban on VPNs otherwise.</details></td>
<td class="green"><strong>No</strong></td>
<td class="red"><details><summary><strong>Yes</strong></summary> §69 of the Information Technology Act 2000 empowers the government to compel assistance from any "subscriber or intermediary or any person in charge of the computer resource" in decrypting information. Failure to comply with such a request is punishable by up to seven years' imprisonment and/or a fine.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="red"><details><summary><strong>Yes (12-24 months)</strong></summary> Mandatory retention of ISP metadata (such as IPs, connection logs, or browsing history) and telephony metadata (including mobile phone locations) for 1 year.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="green"><details><summary><strong>Platform-agnostic</strong>, can use browser + OTP</summary> Browser login to DigiLocker or Aadhaar works with password + SMS OTP, and no Android/iOS app is required for authentication. However, a mobile phone is required to receive SMS OTPs.</details></td>
<td class="lred"><details><summary><strong>Fair Dealings</strong></summary> Numerous prescribed purposes (research, criticism, review, news reporting, education, judicial proceedings) are allowed, but uses outside these are not: more flexible than in Europe but not as broad as US fair use.</details></td>
</tr>
<tr>
<td><span class="country">China (P.R.)</span> <span class="flag">🇨🇳</span><br /><span class="update">Last updated: 2025.10</span></td>
<td class="dred"><details><summary><strong>Severe limitations of speech</strong></summary> Illegal speech includes <span class="tooltip">vaguely defined <strong>'hate speech'</strong><span class="tooltiptext">Inciting hatred or discrimination among nationalists or harming the unity of the nationalities</span></span>, <strong>injuring the reputation of state organs</strong> (which could capture any criticism of the government), <strong>'harming national unification'</strong> (e.g. arguing for the independence of Taiwan, Hong Kong, Macao, Tibet, or Xinjiang), <strong>disinformation or 'distorting the truth'</strong>, <strong>'destroying the order of society'</strong>, and <strong>criticizing socialism</strong>.</details></td>
<td class="dred"><details><summary><strong>Pervasive censorship</strong></summary> The Great Firewall of China blocks a large number of websites and apps, including Google, YouTube, WhatsApp, Facebook, Instagram, X, Snapchat, Pinterest, Wikipedia, Dropbox, and Signal. Content on the Chinese Internet is highly regulated and subject to a strict censorship regime. The government employs various methods, such as IP blocking, keyword filtering, and deep packet inspection, to enforce these restrictions. This censorship not only limits access to global information but also shapes public discourse within China.</details></td>
<td class="dred"><details><summary><strong>Yes (banned <span style="white-space: nowrap;">w/o</span> backdoor)</strong></summary> China does not have an explicit law that outright bans E2EE, but Chinese authorities have expressed disapproval of end-to-end encryption that limits their ability to access data, leading to bans of encrypted apps in the past. International apps offering E2EE, such as WhatsApp or Signal, are blocked in China. The Cryptography Law of 2020 grants state agencies full access to cryptographic systems and decryption keys, effectively nullifying the possibility of private, unbreakable encryption. Overall, end-to-end encrypted services without government decryption access are essentially not allowed or heavily restricted under Chinese law.</details></td>
<td class="dred"><details><summary><strong>Mostly blocked, use is illegal</strong></summary> VPNs must be approved by the government and must identify their users and keep logs. VPN apps forced to be removed from app stores. High fines and even prison terms can be imposed on VPN users. VPN connections are blocked, employing deep packet inspection.</details></td>
<td class="dred"><details><summary><strong>Real-name system</strong></summary> China mandates online real-name registration whereby users must provide official ID credentials to access most Internet services. The new 2025 national Internet ID system builds on this by introducing a government-issued digital credential that centralizes authentication across platforms, linking government databases with online activity. </details></td>
<td class="yellow"><details><summary><strong>De jure no, de facto maybe</strong></summary> De jure there is no key disclosure requirement, however China gives law enforcement significant powers and prioritizes its ability to compel decryption and access to data even if this means compelled disclosure of passwords or encryption keys in practice. Refusal to unlock a device or decrypt data is likely to be met with significant pressure, including detention, interrogation, accusations of obstructing justice, or charges under laws like the Anti-Terrorism Law or National Security Law.</details></td>
<td class="dred"><details><summary><strong>Banned</strong></summary> The People’s Bank of China issued a ban on all crypto activities, including trading, mining, and individual ownership, effective from June 2025. The Chinese government aims to centralize financial control with its state-backed digital yuan (CBDC) and eliminate decentralized crypto assets.</details></td>
<td class="red"><details><summary><strong>Yes (6 months)</strong></summary> Mandatory retention of ISP metadata (such as IPs, connection logs, or browsing history), email and telephony metadata (including mobile phone locations) and even VPN logs for 6 months.</details></td>
<td class="red"><strong>Yes</strong>, must register with official ID</td>
<td class="lred"><details><summary><strong>Cross-platform, but mobile OS only</strong></summary> For government tasks requiring strong authentication, a smartphone is effectively mandatory because the primary methods <strong>rely on smartphone apps</strong> such as NNIA, CTID, WeChat, AliPay with no straightforward alternatives for desktop PCs or dumbphones. While some government portals have web interfaces, strong authentication often requires scanning a QR code with a mobile app like WeChat or Alipay, or using facial recognition/biometrics tied to a phone. Despite all this, Android phones sold in China are "degoogled" and you <strong>don't need Play Store or a Google account</strong> to download the apps; it is likely to work on FOSS Android distributions such as GrapheneOS or LineageOS. HarmonyOS phones are also supported and, while proprietary, can be used without a Huawei account.</details></td>
<td class="red"><details><summary><strong>Narrow statutory exceptions</strong></summary> Very limited statutory exceptions; general fair use does not exist. Use usually only allowed for research, personal use, or narrow educational purposes.</details></td>
</tr>
<tr>
<td><span class="country">Japan</span> <span class="flag">🇯🇵</span><br /><span class="update">Last updated: 2025.12.02</span></td>
<td class="yellow"><details><summary><strong>Strict defamation laws</strong></summary> Nominally there are very few restrictions on speech, however defamation laws are very strict and <strong>insults</strong> and <strong>damaging someone's reputation</strong> can be prosecuted (Japanese defamation laws do not require the statement to be false; even true statements that harm someone's reputation can lead to legal consequences - unless disclosing the statement is in the public interest).</details></td>
<td class="lred"><details><summary><strong>Selective censorship</strong></summary> Court-ordered site blocks mainly target piracy websites, especially those relating to manga and anime. However, this is usually applied to high-profile sites, not as a blanket censorship policy. A court ruling from 11/2025 <a href="https://reclaimthenet.org/cloudflare-liable-japan-manga-piracy-court-ruling" target="_blank">held CDN providers liable</a> for indirectly hosting copyrighted material, setting a dangerous precedent.</details></td>
<td class="green"><strong>No bans</strong></td>
<td class="green"><strong>No bans</strong></td>
<td class="green"><strong>No</strong></td>
<td class="green"><strong>None</strong></td>
<td class="yellow"><details><summary><strong>No bans, but restrictions</strong></summary> However, Monero has been delisted from most CEX for Japanese users due to KYC and other regulations, even though it's not banned per se.</details></td>
<td class="lgreen"><details><summary><strong>No, but proposed</strong></summary> <span class="blue">As of March 2025, <a href="https://btw.media/internet-governance/japan-considers-tougher-data-retention-rules/" target="_blank">Japan’s data protection laws are under review</a>. However, the legislative outcome is unclear.</span></details></td>
<td class="lred"><strong>Yes</strong>, except data-only SIMs</td>
<td class="lred"><details><summary><strong>Cross-platform, but proprietary OS only</strong></summary> Some tasks requiring strong authentication require the <strong>Mynaportal app for Android/iOS/Windows/macOS</strong>, together with a compatible USB card reader for the desktop app. While the smartcard reader is less convenient than the mobile app and has an upfront purchase cost, it is still possible to do everything without a smartphone. However, on Linux, only browser access is offered, which makes some tasks such as digital signing impossible. Therefore, either a proprietary OS or a smartphone is required. For now, the Mynaportal Android app seems to be working on non-stock Android systems such as LineageOS or GrapheneOS, but it requires Play Services / microG and it is <span class="tooltip">only available on the Play Store, which requires a Google account<span class="tooltiptext">A possible workaround is using Aurora Store to download the app from Play Store without a Google account, but it is not officially supported.</span></span>.</details></td>
<td class="dred"><details><summary><strong>Very restrictive copyright law</strong></summary> Use allowed only for narrowly defined statutory exceptions, such as quotation, certain educational use, and news reporting. No general fair use exception and generally very strict jurisprudence; for example, people have been jailed for <a href="https://reclaimthenet.org/when-text-becomes-a-crime-how-transcribing-movies-led-to-jail-time-in-japan" target="_blank" style="color: white;">transcribing a film to text</a>, <a href="https://www.ign.com/articles/japanese-police-arrest-36-year-old-man-on-suspicion-of-tampering-with-pokemon-violet-save-data" target="_blank">distributing modified game save data</a>, or using or creating a device or software that can bypass DRM (Digital Restrictions Management).</details></td>
</tr>
</tbody>
</table>
<p id="statetrojan"><a href="#tableheader">*^</a> In many countries, law enforcement is explicitly permitted to install malware ("state trojan", "equipment interference") in order to remotely access a suspect's devices, circumventing the need to break encryption or force disclosure of passwords. This is legal in <em>at least</em> the USA, Australia, UK, Germany, France, Italy, Switzerland, Russia, and China; possibly most countries in practice. In most countries the police are even allowed to secretly enter a suspect's home in order to physically install malware.</p>
<p>Colour guide:
<br /><span class="green">No, not restricted, as good as it gets</span>
<br /><span class="lgreen">No, not restricted for now but such laws are being planned at the moment</span>
<br /><span class="yellow">Restrictions only apply partially or indirectly; "No, but..."</span>
<br /><span class="lred">Yes, restrictions apply but are limited in scope; "Yes, but..."</span>
<br /><span class="red">Yes, restrictions apply</span>
<br /><span class="dred">Yes, restrictions apply and are very severe or wide in scope</span>
</p>
<h3>Want to add more countries?</h3>
<p>Of course I'd love to compare as many countries as possible, but it's a lot of work. Not only the initial research but especially keeping everything up to date and being aware of new developments and law proposals. Therefore, I do not currently plan to add any more countries myself. However, if you want to add another country, I'd be happy to include your contribution:</p>
<ul>
<li>Contribute via pull request on GitHub (ensure that the "Allow edits from maintainers" option is enabled when creating the pull request), or if you don't want to create a GitHub account or don't know HTML, then you can send me an email.</li>
<li>Required content: a "summary" (the part that's always visible) which should be very short (every row should have the same height); some details (the part that's collapsed and hidden by default) which should be as long as needed but as short as possible and should mention the names of laws where relevant; a suggested "colour" for the table cell</li>
<li>It should be "ready to publish", no more research needed from my side; please also give me some sources for fact-checking</li>
<li>The next countries to be added should be important countries (e.g. large population, big economy, regional power) <strong>or</strong> it can be a small country which is a "hidden champion" when it comes to digital freedom (like Iceland). Some relevant countries to include might be: <em>Argentina, Egypt, Indonesia, Iran, Mexico, Netherlands, New Zealand, Pakistan, Poland, Saudi Arabia, South Africa, South Korea, Spain, Sweden, Taiwan, Thailand, Turkey, UAE</em></li>
<li>I would be very grateful if you could keep updating "your" country whenever the situation changes, to reduce the ongoing maintenance burden for me.</li>
</ul>
<h2>So, what's the conclusion?</h2>
<p>Despite the ever-present moaning about the US allegedly slipping into tyranny or the (merited) worries that every byte of data on American servers can be accessed by the NSA and CIA, <strong>the legal protections in the US are still the strongest of all the countries I looked at and probably worldwide</strong>. There are always some ifs and buts, for example the age verification that's now mandatory in many US states (but not federally), but overall the US does quite well, with the biggest relative strength being free speech. Other countries with a high degree of freedom in the digital realm are <strong>Canada, Iceland, and Japan</strong>. Unsurprisingly, China is the least free. But it's also very disappointing to see how "red" many Western countries appear, especially when you consider all the further restrictions that are currently proposed or in preparation. Interestingly, censorship in Western countries happens indirectly, by forcing private companies to do the censoring and blocking (cf. NetzDG, OSA) so that the lawmakers can keep pretending that it's not <em>real</em> censorship.</p>
<h2>The Oppression Index</h2>
<p>It's hard to quantify the table above, but I have attempted it.</p>
<details><summary style="font-size: 120%;">Methodology</summary>
<p>Step 1: Assign the colours from the table to the following values:</p>
<ul>
<li>green, light green (proposed) = 0</li>
<li>yellow = 0.25</li>
<li>light red = 0.75</li>
<li>red = 1</li>
<li>dark red = 1.25</li>
</ul>
<p>Step 2: Weight the columns. This is also subjective but I went with these percentages:</p>
<ul>
<li>20% - free speech</li>
<li>15% each - censorship, encryption bans</li>
<li>12.5% each - VPN bans, online ID/age verification</li>
<li>7.5% each - key disclosure laws, Monero ban</li>
<li>2.5% each - metadata retention, SIM card registration, digital ID/e-Gov apps, copyright law</li>
</ul>
<p>Step 3: Calculate the index as the sum-product of the column weights and colour values.<br />
Step 4: Normalise the index so that China has an oppression index of 1.</p></details>
<p>The result - excluding proposed laws - looks like this:</p>
<table class="index" style="width: fit-content;">
<tr style="font-weight: bold;"><td>Country</td><td>Oppression Index</td></tr>
<tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Mostly free (for now)</td></tr>
<tr><td>USA</td><td>0.10</td></tr>
<tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Decent (but at risk)</td></tr>
<tr><td>USA - states with age verification laws</td><td>0.21</td></tr>
<tr><td>Japan</td><td>0.22</td></tr>
<tr><td>Canada</td><td>0.31</td></tr>
<tr><td>Iceland</td><td>0.31</td></tr>
<tr><td>Switzerland*</td><td>0.34</td></tr>
<tr><td>Norway</td><td>0.42</td></tr>
<tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Restricted (and getting worse)</td></tr>
<tr><td>Brazil</td><td>0.58</td></tr>
<tr><td>Italy</td><td>0.60</td></tr>
<tr><td>India</td><td>0.63</td></tr>
<tr><td>Germany</td><td>0.64</td></tr>
<tr><td>France</td><td>0.68</td></tr>
<tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Unfree (avoid if you can)</td></tr>
<tr><td>UK</td><td>0.77</td></tr>
<tr><td>Australia</td><td>0.78</td></tr>
<tr><td>Russia</td><td>0.83</td></tr>
<tr><td colspan="2" style="font-style: italic; background-color: lightgray; color: black;">Totalitarian (the frog has been boiled)</td></tr>
<tr><td>PR China</td><td>1.00</td></tr>
</table>
<p>*would increase to 0.36 with the planned smartphone-only digital ID</p>
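<p>The four methodology steps, worked through for the four countries whose complete rows appear in the table above (Brazil, India, China, Japan). This is an added example, not code from the original page: the column keys and function names are made up for illustration, the colour classes are transcribed from the table cells, and the column order is inferred from the cell contents.</p>

```javascript
// Step 1: colour class of a table cell -> numeric value (from the methodology).
// "lgreen" (proposed laws) counts as 0, i.e. proposed laws are excluded.
const COLOUR_VALUE = new Map([
  ["green", 0], ["lgreen", 0], ["yellow", 0.25],
  ["lred", 0.75], ["red", 1], ["dred", 1.25],
]);

// Step 2: column weights in table order. The key names are illustrative only.
const WEIGHTS = [
  ["freeSpeech", 0.20],
  ["censorship", 0.15],
  ["encryptionBans", 0.15],
  ["vpnBans", 0.125],
  ["onlineIdAgeVerification", 0.125],
  ["keyDisclosure", 0.075],
  ["moneroBan", 0.075],
  ["metadataRetention", 0.025],
  ["simRegistration", 0.025],
  ["eGovApps", 0.025],
  ["copyright", 0.025],
];

// Cell classes transcribed from the table rows, one entry per column.
const ROWS = {
  Brazil: ["dred", "red", "green", "yellow", "red", "green", "green", "red", "red", "dred", "red"],
  India:  ["dred", "red", "red", "yellow", "green", "red", "green", "red", "red", "green", "lred"],
  China:  ["dred", "dred", "dred", "dred", "dred", "yellow", "dred", "red", "red", "lred", "red"],
  Japan:  ["yellow", "lred", "green", "green", "green", "green", "yellow", "lgreen", "lred", "lred", "dred"],
};

// Sanity check: the weights are meant to add up to 100%.
function totalWeight() {
  return WEIGHTS.reduce((sum, [, weight]) => sum + weight, 0);
}

// Step 3: sum-product of column weights and colour values for one row.
function rawIndex(colours) {
  if (colours.length !== WEIGHTS.length) {
    throw new Error(`expected ${WEIGHTS.length} cells, got ${colours.length}`);
  }
  return colours.reduce((sum, colour, i) => {
    if (!COLOUR_VALUE.has(colour)) {
      throw new Error(`unknown colour class "${colour}" in column ${WEIGHTS[i][0]}`);
    }
    return sum + COLOUR_VALUE.get(colour) * WEIGHTS[i][1];
  }, 0);
}

// Step 4: normalise so that the reference country (China) scores 1,
// rounded to two decimals as in the results table.
function oppressionIndex(rows, reference = "China") {
  const referenceScore = rawIndex(rows[reference]);
  if (referenceScore === 0) throw new Error("reference country scores 0");
  const result = {};
  for (const [country, colours] of Object.entries(rows)) {
    result[country] = Number((rawIndex(colours) / referenceScore).toFixed(2));
  }
  return result;
}

console.log(oppressionIndex(ROWS));
```

<p>The normalised values for these four rows agree with the corresponding entries in the results table, which confirms the colour-to-value mapping and the column order used here.</p>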
<h2>Don't be afraid to be an old man yelling at clouds</h2>
<p>There is not much we can do as individuals, ultimately. Maybe those of us who are lucky enough to live in a democracy need to vote harder next time or sign another petition :^) Even when the noose gets tightened more and more, we should always try to opt out of government and corporate overreach wherever we still can. And make no mistake: even though Big Tech companies sometimes make a stand against the most malicious laws, that doesn't automatically make them the "good guys" either.<br /><br />
<em>
I will block all ads<br />
I will block all trackers<br />
I will reject all cookies<br />
I will not subscribe to your newsletter<br />
I will not download your app <br />
I will not sign up or sign in<br />
I will not enable DRM<br />
I will bypass your paywall<br />
I will not share my location<br />
I will not hand out my phone number<br />
I will not verify my identity or confirm my age<br />
I will not solve your captcha<br />
I will not turn off my VPN<br />
I will disable telemetry<br />
I will refuse remote attestation <sup><a href="pics/remote_attestation.jpeg" target="_blank">Why?</a></sup><br />
I will only use free software<br />
I will not make a Google, Apple or Microsoft account <br />
I will encrypt everything<br />
I will pay in cash or Monero wherever possible<br />
I will strive to have as little of the fruits of my labour stolen through taxation as is legally possible <br />
And finally, I will exercise my God-given right to unrestricted free speech to speak boldly and truthfully against tyrannical governments and other authoritarian powers. <br />
Simple as.
</em>
</p>
<script>
// JavaScript to handle checkbox change
document.addEventListener('DOMContentLoaded', function() {
const checkbox = document.getElementById('expandCheckbox');
checkbox.checked = false; // Ensure the checkbox is unchecked on page load
checkbox.addEventListener('change', function() {
const detailsElements = document.querySelectorAll('table details');
detailsElements.forEach(details => {
details.open = this.checked; // Set open state based on checkbox
});
});
});
</script>
<script src="bottom.js"></script>
</body>
</html>