Site logo
Age Verification: Evidence, Risks and Alternatives
#privacy #anonymity #age-verification #legislation #online-safety #surveillance

Age Verification: Evidence, Risks and Alternatives

Hamzahยท27 April 2026

๐Ÿ“‹ What are age verification laws?

Age verification laws require platforms - social media, news sites, forums, sometimes entire app stores - to confirm a user's age before granting access. On paper, it sounds reasonable. In practice, it's a privacy nightmare.

To verify your age, you typically have to hand over:

  • A government-issued ID (passport, driver's license).
  • Biometric data (facial scans matched to your ID).
  • Or link your account to a third-party identity broker.

The moment you do that, you are no longer anonymous. Every platform you verified with now knows exactly who you are and so does every data breach, advertiser, or government agency. Anonymity isn't a loophole these laws accidentally close. It's a feature they deliberately eliminate.

There is also a more immediate risk: age verification creates centralised databases of sensitive identity documents (passports, biometrics, legal names) - tied to browsing behaviour, making them a single high-value target. This month (April 2026), a UK biobank was breached and 500,000 people's personal data was leaked. A biobank is supposed to be highly regulated, professionally secured, and yet it was compromised (regardless of whether this was an inside job or external hack). The question is never whether a database will be breached. It's when, and how much damage it does.

๐ŸŽฏ What age verification is supposed to fix

The concerns driving these laws are real, even if the solutions aren't.

The stated goals are to protect minors from:

  • Harmful or explicit content - pornography, graphic violence.
  • Predatory behaviour - grooming, exploitation.
  • Radicalisation - extremist communities targeting young people (applies to all religions).
  • Addictive platform design - endless feeds engineered to keep kids scrolling, contributing to rising rates of anxiety, poor sleep, and shortened attention spans.

These are legitimate problems. Nobody serious argues otherwise. The question is whether forcing everyone to prove their identity actually solves any of them or whether it just creates a new set of much larger problems.

๐Ÿ”’ Why anonymity matters

Online anonymity isn't about hiding bad behaviour. For most people, it's about living freely.

  • Safety from retaliation - Whistleblowers, domestic abuse survivors, and journalists depend on anonymity to speak without fear.
  • Freedom to explore identity - People questioning their beliefs, or navigating mental health issues often need a private space to figure things out.
  • Protection from tracking - Every click, search, and opinion you express online is harvested, profiled, and sold. Anonymity limits how much behavioural data corporations can package and monetise without meaningful consent.
  • Access to sensitive information - Health questions, legal situations, personal struggles - people search for these things precisely because they don't want anyone to know what they are asking.
  • Anonymity is a lifeline in authoritarian contexts - For people living under repressive governments, or even just in controlling households, anonymous access to information and community isn't a convenience, it's survival.

Strip anonymity away, and you don't just lose privacy. You lose public trust - and without it, people disengage, go underground, or find workarounds. Surveillance doesn't create compliance, it creates resentment.

โš–๏ธ Why privacy wins

Before we trade everyone's privacy to solve the problems affecting minors, we should ask for evidence that age verification actually works. The UK's Online Safety Act, Australia's age verification trials, the US KOSA bill - none were accompanied by peer-reviewed research showing ID checks meaningfully reduce harm. The burden of proof should be on those removing privacy, not those defending it.

The "but what about the children" argument also falls apart quickly because anonymity actively protects children too. A teenager seeking mental health support, a minor researching how to leave an abusive home, a young person exploring beliefs different from their family's - these people are made less safe when their digital activity is tied to a verified identity that parents, schools, or governments can access.

Platforms most associated with child exploitation already require accounts. Predators don't need anonymity, they need access. Verification doesn't remove that. It just gives them a verified account.

Another important argument is about power. Privacy is the precondition for every other right. Free speech, free religion, free assembly - these rights may survive on paper without it, but surveillance makes them too dangerous to exercise in practice.

And to those building these systems: the infrastructure you construct doesn't stay in your hands forever. Every politician and executive who supports age verification today is building the architecture that their successor - someone who may hold very different values and intentions - will inherit and control. You don't build a surveillance system and then trust that only the right people will ever run it.

๐Ÿ›๏ธ Legislation written by people who don't understand it

The people legislating it often demonstrably don't understand how the internet works.

We have seen this many times - parliamentary hearings where lawmakers ask social media CEOs how algorithms work or propose technical "solutions" that any developer could tell you are either impossible or trivially bypassed.

Technical experts are rarely being consulted and even when they are, their input tends to get filtered through a political lens and cherry-picked when convenient. The result is legislation written around motives rather than technical experience.

๐Ÿ‘๏ธ What this is really about

Here is what we know so far:

  • No evidence exists that sweeping blanket age verification laws protect children - yet they keep getting proposed as if it's settled science.
  • The US, EU, Australia, and others all rushed near-identical legislation in the same window of time. That kind of global coordination on internet regulation is historically unprecedented.
  • AI is actively displacing workers, manipulating elections, and generating disinformation at scale yet the regulatory response has been nearly silent. So why the selective urgency on child laws suddenly?
  • These laws have been politically framed as a single yes/no question: "Do you want to protect children?" - with the technical details conveniently left for later. No politician can answer no. Nobody ever asked the follow-up: "But how will this be done?".

๐Ÿค” A theory worth considering

For the first time in history, a generation is growing up with access to every perspective, every counter-narrative, and every inconvenient truth - unfiltered and outside the control of the institutions that previously shaped public opinion. No previous generation had that. Their parents got three TV channels and a local newspaper.

Research consistently shows that younger generations hold markedly different political and social views than those who grew up with traditional media. This is what happens when people have access to more than one version of events.

Governments and institutions are not blind to this. A generation that forms its worldview independently is harder to reach through traditional political messaging, more sceptical of official narratives, and more likely to demand accountability. These are healthy traits in a democracy. They are, however, inconvenient traits for those in power.

So the real question is whether "protecting children" is the whole story when the practical effect of these laws is to route the next generation's access to information through government-approved, identity-verified channels.

๐Ÿ’ก How age verification could work

Age verification doesn't have to mean identity verification. If policymakers were genuinely focused on outcomes rather than optics, there are privacy-respecting approaches that can technically work:

Zero-knowledge proofs

Modern biometric passports and national ID cards contain an NFC chip holding your personal data, digitally signed by the issuing government. The signing keys are publicly available which means an open-source app on your phone can verify that signature on-device - no internet connection or third party required. Here is how it works in practice:

  • You hold your passport to your phone
  • The app reads the NFC chip and verifies the government's signature locally on your device
  • It confirms your date of birth meets the age threshold
  • It generates a cryptographic proof of that fact - and nothing else
  • You present that proof to the platform

The platform receives only a yes or no. It never sees your name, date of birth or passport number. The app itself can be fully audited open-source code. Projects like zkPassport and Self Protocol are example implementations of this. The platform would work offline, leave no data trail and only requires software that you can inspect anytime and a passport that is already in your pocket.

For people without a biometric passport, every passport (chipped or not) has a Machine Readable Zone (MRZ): the two lines of standardised text printed at the bottom of the photo page. An open-source app can scan that with your camera, extract your date of birth entirely on-device, and generate the same kind of proof. No network call, no third party, nothing leaves your phone. It is not cryptographically tamper-proof in the way a chip signature is - someone determined to cheat the system could hold up a fake document. But that is a deliberate trade-off, not an oversight. The goal here is to protect the privacy of the overwhelming majority of honest users, not to build a surveillance apparatus capable of catching every edge case. A system that is slightly gameable but leaves no data trail on millions of people is a better outcome than an airtight system that surveils everyone.

Device and OS-level parental controls

Every modern phone, tablet, and computer already has built-in tools that allow parents to restrict what their child can access. A parent configures their child's device once (sets age limits, blocking categories of content, restricting app downloads) and every platform the child visits respects those boundaries automatically. The technology is already there. What is missing is government investment in making sure parents actually know how to use it. That investment is far cheaper than what governments are currently proposing.

Digital literacy and critical thinking in schools

Rather than restricting what children can see, teach them how to evaluate what they're looking at. A child who understands how to identify bias, question a source, and construct an argument is far better protected than one who has simply been kept away from difficult content. The internet isn't going anywhere. Giving children the tools to navigate it confidently is a more honest solution.

Payment-gated platforms

For platforms where payment is already part of the experience, age verification is essentially solved. If you are already paying a streaming service, a gaming platform, a subscription site then your bank has already confirmed you are an adult. No additional verification is needed.

These approaches exist. They are technically feasible and cheaper to implement. The fact that most proposed legislation ignores them in favour of ID-upload systems tells you something about whether privacy was ever really a priority in the room.

๐Ÿ’ญ Final thoughts

Child safety is a cause worth defending. So is privacy. You don't have to choose between them, but the legislation being pushed in several countries is forcing that trade-off.

It is very hard to ignore the coincidences piling up in front of us:

  • Governments with access to privacy-respecting solutions that consistently choose not to use them.
  • Laws appearing globally in near-identical form, without independent evidence they work.
  • Experts sidelined while the debate is reduced to a single morally loaded question.

None of this means every politician backing these laws has bad intentions. Some might believe they are protecting children. But good intentions don't make bad legislation safe. The infrastructure of surveillance, once constructed, becomes available to whoever comes next.

The version of the internet where your identity is attached to every search, every opinion, and every question you've ever asked doesn't only threaten adults. It threatens the teenagers trying to figure out who they are, the young people seeking help they're not ready to ask for out loud, the next generation of journalists and whistleblowers and citizens who haven't yet learned they need to protect themselves.

If you care about children's safety online, demand the solutions that actually protect them without dismantling the privacy that everyone (including children) depends on.

Writing

More posts

All posts
Users Are Not a Resource. They are a Relationship.
#data privacy #tech accountability #business strategy #user trust #customer loyalty

Users Are Not a Resource. They are a Relationship.

Every piece of data that a user shares with online platforms is an act of faith. They're not just handing over their information - they're extending their trust. And like any relationship, that trust expands when honored and collapses when broken. Discord, Windows, Whatsapp - none of these giants exist without the millions of people who chose to believe in them first. Every new feature you ship is a new test of that belief.

17 April 2026

How the UK Really Uses the Internet in 2026
#media #ai #privacy #digital #society

How the UK Really Uses the Internet in 2026

Ofcom's 2026 Adults' Media Use and Attitudes report is out. Privacy awareness is declining, security habits are creating measurable harm, and people are feeling worse about being online. Here's what the data actually says.

6 April 2026

Self-Hosting Launchfolio: Setup Guide
#launchfolio #self-hosting #docker #portfolio

Self-Hosting Launchfolio: Setup Guide

Launchfolio is a self-hostable portfolio, blog, and CV app distributed as a Docker image. Here's everything you need to get your own instance running.

27 March 2026