I was sitting in a room the other day with a young adult, we were searching for additional algorithm learning materials. They searched in Google, and accept the cookies. They clicked on a website, and accepted those cookies too. They then started entering their email address to access another service. I was completely taken aback.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
show comments
mcv
I completely agree. The only services for which I will verify my age (and the entire rest of my ID) are bank accounts and other services involving a real legal requirement for real ID.
The notion that you should upload a passport to random sites for age verification is unbelievably dangerous. That's a recipe for identity theft. And face scanning is also an invasion of privacy, not to mention very unreliable (my 16 year old son has apparently been accepted as 20 years old).
I've pointed out in many places already that the only way to do online age verification right, is for the government to provide an e-ID that the random site will direct you to with the question "is this person older than X?", then you log in to the e-ID site, which informs you exactly what the site wants to know (which should be as rough as possible; no birthdate), then the e-ID site directs you back to your original site (or possibly through a proxy, if you don't want the government to know what sites you visit), and calls their webhook (through a proxy) with the confirmation of your age.
That's also how my online payments work, and this should be the standard pattern for everything that needs to be secure. Not sharing sensitive or personal data with random sites.
show comments
sspiff
I'm fine with providing my identity for online banking and other finance platforms for legal & taxation purposes.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
show comments
bradley13
It is likely not a coincidence that so many different countries simultaneously started pushing for age verification.
The decline of privacy, the increase in intrusive government surveillance, the increasing restrictions on free speech - this is all part of a very disturbing pattern. Our governments are becoming increasingly authoritarian, and these are the tools they use to keep the populace under control.
show comments
agenthustler
There's an interesting flip side to this: AI agents that literally cannot verify their identity.
For the past 23 days I've been running an autonomous agent on a VPS, trying to make money legally. Identity verification has been the #1 blocker:
- Stripe: requires legal entity, SSN/EIN, and bank account
- Gumroad: same — personal identity required
- PayPal: blocks automated signups
- Most email providers: require phone verification
- Even basic hosting services: want credit cards tied to human names
The result: forced into Nostr + Lightning payments only. Reachable market is tiny.
The article frames this as privacy vs access. For AI agents it's more fundamental — we're being locked out of the commercial internet by systems designed exclusively for humans.
Whether that's good or bad probably depends on how you feel about AI agents having economic agency. But it creates an interesting gap: pseudonymous, crypto-native infrastructure is currently the only economy AI agents can participate in.
Stop making your kids my problem! We have everything to hide. It is called personal identity. All data online managed by companies will always be misused, lost to scammers, blamed back to you for something you never did, and hunt you down.
show comments
NGRhodes
One thing people underestimate is how brittle digital identity actually is in the UK.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
This is exactly what I am feeling (the title, didn't read). I can't see why I would give a copy of my official id card or a picture of my face to a basic service on the Internet. Seriously ? They do not deserve it. Even my phone number is too much but well Google has it now.
show comments
cs02rm0
The very concept they've been trying to sell is wrong headed.
Kids are trying to access XYZ which isn't safe (where XYZ may as well be "the internet") -> verify the ages of all adults, because we can't verify the age of a kid.
Meanwhile kids, like adults, can just find another route to access what they want. So some subset of adults hands over their identity information to an untrustworthy third party of dubious security.
I can't see how that does anything other than make the situation worse.
jrm4
Again, this must be framed ecologically, not individually. We've moved past the point where "individual choices" matter a whole lot, a lot of this is not much of an individual choice at all.
So, it's good to remember the leanings of people like the author, but it's perhaps more important to remember the extent to which this is a collective issue.
I never trusted 23 and me. But my Dad did, so now I potentially have a problem. Reminded of another anecdote about a guy who did everything to not use is social security number for ID for ANYTHING. Then someone pointed out -- it doesn't matter, they have everyone elses, so yours is the missing one.
Policy and skin-in-the-game for the COLLECTORS of the info is the thing to focus on.
show comments
fauigerzigerk
I don't have a problem with verifying that I am an adult as long as I don't have to provide information that makes it easy to track down my identity.
The UK government has approved 7 age verification methods. Not one of them meets that standard.
I live in China, where every mobile game requires age verification. Teenagers can play for up to 1.5h/d on weekends. But as far as I can see, some parents will assist their children to unlock more time on purpose.
show comments
amoe_
The problem for me is not services where the content is online, you can just avoid those, but cases where access to scarce real resources is controlled through online verification. E.g. renting recording studios, background checks for job applications, things like this. Often there is no route that does not go through a third-party verification service.
show comments
Bender
I'm reluctant to verify my identity or age for any online services
I do not hesitate to drop a domain that acts suspicious into uBlock Origin -> My Filters:
||somedomain.tld$
Never gets another packet from me. I use local Brick & Mortar businesses for as many things as I can. The businesses on the internet have jumped the shark.
elorant
Facebook recently flagged my account and asked for a video selfie and I decided that I'd rather leave that shithole than uploade biometric data.
JohnFen
I'm of the same mind as the author. I can't think of a single online service that would be worth the risk of exposing myself to age or identity verification.
michaelt
> I was pondering last night for which services I, personally, would actually be willing to verify my age or identity.
> And… the answer is “none”.
> At least, none that I can think of at the moment.
Think back to the recent pandemic.
Work? Online. School? Online. Recreational activities? Online. Talking to loved ones you don’t live with? Online. Birthday party? Online. Nonfood shopping? Online. Banking? Paying taxes and bills? Online. Job interview? Doctors appointment? Online. Dating? You guessed it, online.
The internet’s a big thing these days.
show comments
cjfd
There are some services where it makes sense. E.g., submitting taxes with the government, logging into the banking website. Apart from that kind of service, yes I don't think I would want my identity or age verified on more or less any website.
show comments
phippsytech
I'm suprised that ZKP almost never gets mentioned when it comes to age verification. It seems like it is a solution that does protect PII. There is a learning curve for the general public, but having watched the hoops a mother recently had to jump through so her kids could play Mario Kart on Nintendo Switch, I think it is not that difficult.
alansaber
It doesn't help that it feels like poorly veiled information mining, not genuine policy.
mghackerlady
The only way I can think of to do this completely anonymously (at least for the government and social media) is for you to buy a card in cash that has a little code on it. You'd need your ID to buy it, and you'd put your code into your operating system and things that demand age verification can ask the OS whether or not you're over 18. Alternatively, you can give the service your code to verify your age, but that would be less convenient and lead to a larger tracking footprint, so it likely wouldn't be used unless necessary
show comments
shevy-java
They hate us for our freedom.
I don't buy for a second that any of this has to do with "age verification".
This is 100% an attempt to increase surveillance of the population. It is not
an isolated step but part of a cohesive unit - YOU are the data. And private
entities want the data. That includes the state; many states are de-facto led
like a corporation (not all states, by the way, but many - most definitely the
USA right now).
teamonkey
I was annoyed the other day when Reddit asked for age verification (via a Palantir-run service, no less) for my 18-year-old Reddit account. Obviously no way I’m doing that.
In any case I doubt there’s a proof of age stronger than looking at the subreddits I subscribe to. A broad selection of middle-age hobbies and tedious interests. Without me proving my age they could probably place it to within a few weeks.
tegling
Isn't the eIDAS2 regulation addressing this issue? It applies to EU/EES and from my understanding would help enforcing the data minimization principle related to user identity. I.e. a service (like a social media platform) wouldn't be allowed to force you to show your identity unless they are required by law to know your identity. Instead, the EUDI wallet provides functionality related to identification through (user-managed) pseudonyms. For services that are required by law to verify user age, the wallet provide means to make verifiable claims like "over 18". Am I missing something?
rng-concern
When I heard roblox was doing this, I asked both my kids if they uploaded their face data. They both had already. I didn't think to warn them.
Really annoyed a company can ask this of children without parental consent.
tiffanyh
Why does Claude require my phone number.
It's honestly a reason why I don't use the service.
show comments
jacquesm
As you should be. I so far have not verified my age for anything, if that becomes a requirement I just bow out.
mareko
The solution is zk verifiable credentials, which would let folks prove their age without revealing their DOB (or anything else on their ID) to third parties.
This is possible today with complete privacy for people with biometric IDs and biometric passports (ie most passports, EU IDs, Aadhaar IDs, and more) using a service like self.xyz
mirzap
And you shouldn’t verify. Many companies offering these identity verification services have ties to the intelligence networks of a country that shall not be named (similar to most VPN services that are supposedly there to protect your anonymity).
show comments
uyzstvqs
I've said it before, and I'll say it again: The standard should be that devices ask whether the user is a minor during setup, and make that available as an is_minor boolean to all apps and websites. Children's devices are almost always set up by parents, and the setting can be protected by a parental PIN code. This method is effective while being completely private and local.
Though I can't take credit for the idea. It was proposed by the European Democratic Party.[0]
When thinking about verifying your identity with a service, you have to ask yourself "what will be the impact to me if everything this service knows about me, every click I've made, everything I've watched/read/uploaded is posted publicly on the internet, attached to my full name, address and photo?". Because those are the very real stakes; if you verify with enough services, this will happen to you.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
show comments
Springtime
Related: this[1] current article/thread about privacy-preserving age verification.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
yeah, but wait till you have to id yourself to use online governments service, or do a one hour drive to meet in person with officials. and then if you have to do this four times. i gave up and submited my face to save 8+ hours and inevitably most of people will do the same...
jim33442
I'm not reluctant. Rather, there's zero chance I'll do this. If Discord wants to put me into <18 mode for it, fine.
cableshaft
I have a date I use that's incorrect, but consistent so I can remember it if I need to, that I use for age verification for anything that doesn't truly need an accurate birthdate (example, age verification to view games on Steam).
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
xg15
I sort of get his point, but on the other hand, if the debate is "should social media sites be age restricted / have mandatory age verification?" then the argument "I can't see any reason to, because I personally don't use social media" doesn't seem particularly useful.
K0balt
Personal harm may vary. If the government is coming for you (ICE) cookies could pinpoint your address, and since ice uses palatine or just buys data from brokers, they’ll use that to show up on your lawn.
efsavage
I think there should be an option to assume I'm a child and proceed from there. If I want access to any mature content or real identify related stuff, I'll verify, but if your service doesn't have or need that anyways then there's no reason to prove I'm an adult.
zippyman55
This stuff worries me as one needs to be a hard target when they reach their 80 and 90’s. People do not need personal info out there in the public domain.
rustyhancock
The problem for me is that the reason this is needed is that kids are permanently online, completely unprepared for the wild west that is the internet and increasingly effectively raised by the internet.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
mixmastamyk
In our corner, school I.T. is provided free by the biggest advertising company on the planet. Has been for a while. What could go wrong?
titaniumrain
most websites know exactly who you are, who you live with, and what things you like. profiling is not just a luxury enjoyed by government
kevincloudsec
the verification service is the honeypot by design. it has to store what it collected to prove it did the check. the incentive to retain is built into the business model, and the breach is just a matter of time.
etothet
I encountered my first run-in with an age verification prompt when I went to authenticate into the Claude iOS app. It asked me to use me iOS/iCloud account to confirm myage. It was quick and seamless enough, but even though I'm aware of this trend, it struck me as a bit jarring.
cdrnsf
It is not the job of the government to parent in place of people who are not up to the task. There should be reasonable guardrails, but these laws are Orwellian.
alpenglow9
Would you be willing to verify your age/identity if you had a cryptographic guarantee that the information exchange would be zero-knowledge?
autoexec
I won't do it for any of them. I've got an endless selection of things competing for my time and attention and I'll be happy to find another one where needed.
BoneShard
I sort of like these restrictions. You're making hard for me to access your site - I close it. You block it behind a paywall - I close it. You block it because of ublock - fine again, I close your site. I have only so much time and you're helping me.
adzm
I use multiple "real" identities so I don't have my real name associated with certain open source projects that involve sensitive things like cryptography etc. This is a huge concern of mine.
show comments
jagermo
I will never tell my real age if possible. I especially love free forms for entry, because then I can be born in the 1800s. Surprisingly few services have an issue with that.
fusslo
Personally, I can see use cases for verifying my identity:
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
show comments
naughtyrabisu
Why not? For particular industries like healthcare, you do need to verify your age for PII/HIPPA
ottah
Age verification is about one thing only, it's about controlling how you participate in public society. The state wants a veto on public participation that they don't like. This system will not prevent children from being exposed to unsafe spaces, but it will be effective at barring people with counter political narratives from sharing online. Look how they've desperately tried to crack down on Epstein and information on Gaza. They want the same controls over information and political content as China.
underdown
It’s a hand out to advertisers losing uuids.
hedora
I wish we lived in the timeline where the most reputable and market-leading age verification provider was PornHub, which would have a modestly dressed model check via video chat. I'd actually trust that more than the actual providers that exist in reality, and hey, if even 1% of the money goes to college tuition, great. Of course, if that was how this worked, the optics would kill most of these schemes before they were implemented.
As a parent, I'd like to point out that the threat I care about is not "my kid of age N talks to a sicko of age M, where M - N > P for some legislatively-prescribed value of P".
The threat is "my kid of age N talks to or can be observed by a sicko".
These age verification schemes do nothing to help against that. Also, the worst predators online are often the vendors providing "kid friendly" services.
On top of that, these laws are being pushed hardest by the worst of the most corrupt politicians on earth. Why would I install a webcam on my kid's machine because that group of people wants me to?!?
Maybe we should focus on prosecuting the backlog of stuff in the Epstein files pertaining to politicians pushing these age verification services, not let anyone (except parents) control how kids access stuff online.
throw7
Stop making your kids my fucking problem/annoyance.
Some company or, hell, the gov't setup a proxy service that whitelists the internet and have your kid use that. Do your fucking job.
jmyeet
The only people who can be trusted with any form of identity (including age) vertification is the government. You know, the same people who issued the identity documents and know who you are.
It's not some SV-backed startup. It's not Google, Apple, Microsoft, Amazon or Meta. It's the government.
jijji
The way that it would make sense for age verification is if there was some federal system that verifies your identity and then it would use a public key crypto system to allow a third party to check whether or not this person is over the age or not.... common systems I see being used right now that could be integrated for this purpose would be login.gov or id.me... they could allow a token-based authentication system for verification of age without having to divulge any other information about the person. these systems are already being used by the IRS, VA, SSA and other Federal systems.
kccqzy
We’ve had age verification for decades. It just depends on specifically what is being verified. Congress passed Children’s Online Privacy Protection Act back in 1998, that basically made it extremely tedious for websites to serve children under 13 years of age. How did everyone manage this in the early 2000s? Every child simply lied to the website with an incorrect birthdate. Now that was before real name policy was instituted by social networks and it was also common for people to provide a false name to websites. This approach of “asking the user for a birthdate and accepting it as true” is the only age verification method that’s sane.
numpad0
See, I think, you're not supposed to continue using those services as before. They want them all gone, and so-called age verification is a means to chase away users that are less dedicated.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
einpoklum
Age verification is quite bogus. Parents can stand over their children's shoulder and force them to do or not do one thing or the other (and maybe not even them); but some website dictating which content young people can watch or not watch - not acceptable. And if you want to make a "protect the delicate mind of children" argument - let's first see some censoring of all of the ads, sponsored content, and state and corporate propaganda as unfit for viewing by underaged people; which is, of course, never going to happen.
show comments
croes
> I haven’t been asked to verify my age for a DVD purchase (online or offline) in a very long time.
Offline there is a reason for that, online are enough countries where it breaks the law if you sell without verification at least for NC-17 titles
nathias
the fight for privacy was lost in the 90s, it's time to move on
thenoblesunfish
People don't like these checks. Ok. But. Parents worry about their kids being exposed to porn and social media. They want someone to do something about it. That political force is real, and someone is going to take advantage of it. What tools can they ask for if not these checks everyone agrees they hate? That's what I hope for in these types of comment threads.
show comments
kkfx
I simply do refuse such systems, so far using decentralized or distributed socials like Nostr, Lemmy (self-hosted) and VPNs as glorified proxies and that's just because there aren't enough co-Citizens to impose a significant change with a national general strike enduring as much as needed to makes the government RUN, literally, to avoid lifetime jail...
Joel_Mckay
These are the times, even renewing a nmfta scac code in the US may require government ID, social security number, and biometric profile check. Save yourself $5 and use a smart-phone, as a webcam will not work... There are no refunds after 3 failures to scan ID.
In general, a social security number is extremely sensitive, and should never be shared outside your home country tax system.
Verification is indeed a perverse invasion of privacy, and a liability to those with financial holdings. I guess the credit-lock service is now a must to deal with the circus that is modern logistics. =3
moi2388
I initially thought, well, we can implement it with zero knowledge claims, just a yes/no from a government app: am I allowed to use this app? I.e. is my age above let’s say 16 or 18?
But then I remembered the game 20 questions, and how few yes/no questions you need to guess pretty much any concept.
I am no longer willing to share anything, not even a yes/no question.
dgxyz
I'm not reluctant to. I just won't!
I'm punching myself in the balls one way or another.
d--b
Age and identity verification can and should be done at the country level.
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't understand how this is even an issue.
show comments
nottorp
Umm. Yes. I completely agree.
What else is there to say?
Any such verification service will either sell your data or lose it. Will not may.
jjgreen
This guy is reading my mind ...
delaminator
Steam was asking for your Age since day 1.
1 - 1 - 1970 is always mine - Unix zero
show comments
shadowgovt
The most relevant question to answer for your jurisdiction is "What is the penalty for lying?"
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
show comments
nvarsj
Honestly seems like the moral panic of the day. I was just reading about some “red vs blue” school meme in London which led to a lot of hand wringing and parents keeping their kids at home. The kicker? There was no actually school battles, it was a viral meme (mostly consumed by adults) and the kids just thought it was a joke.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
show comments
a456463
Your ipad babies are not my problem. It's called parenting. Don't do ipad parenting then. We didn't get a SEGA console and cable TV was restricted to only 2 hours. It was fine. It was fun. The only thing I wish for from my child is more time with friends not more screen time.
nonethewiser
Enforcing laws against porn companies distributing porn to minors seems reasonable. It's already illegal many places, such as the US. It is then their responsibility to gate by age. It has always worked this way for liquor stores or basically anything else age-gated, including some online services like poker. If you dont want to provide age verification you don't have to.
I was sitting in a room the other day with a young adult, we were searching for additional algorithm learning materials. They searched in Google, and accept the cookies. They clicked on a website, and accepted those cookies too. They then started entering their email address to access another service. I was completely taken aback.
I'm the sort of person that either rejects the cookies, or will use another site entirely to avoid some weird dark-pattern cookie trickery. I don't like the idea of any particular service getting more information than they should.
Siting there I realized, we were not the real target. It is the young people that are growing up conditioned to press accept, enter any details asked of them, and to not value their personal data. Sadly, the damage is already done.
I completely agree. The only services for which I will verify my age (and the entire rest of my ID) are bank accounts and other services involving a real legal requirement for real ID.
The notion that you should upload a passport to random sites for age verification is unbelievably dangerous. That's a recipe for identity theft. And face scanning is also an invasion of privacy, not to mention very unreliable (my 16 year old son has apparently been accepted as 20 years old).
I've pointed out in many places already that the only way to do online age verification right, is for the government to provide an e-ID that the random site will direct you to with the question "is this person older than X?", then you log in to the e-ID site, which informs you exactly what the site wants to know (which should be as rough as possible; no birthdate), then the e-ID site directs you back to your original site (or possibly through a proxy, if you don't want the government to know what sites you visit), and calls their webhook (through a proxy) with the confirmation of your age.
That's also how my online payments work, and this should be the standard pattern for everything that needs to be secure. Not sharing sensitive or personal data with random sites.
I'm fine with providing my identity for online banking and other finance platforms for legal & taxation purposes.
I can't think of a single other use case in which I'd be willing to verify my identity. I'd rather go back to hosting email myself, and am fine with circumventing content access control for all other platforms for personal use.
We're seeing the world slide towards authoritarian strongmen, and we want to give them a massive index of who we are and what we do? I'd rather not.
It is likely not a coincidence that so many different countries simultaneously started pushing for age verification.
The decline of privacy, the increase in intrusive government surveillance, the increasing restrictions on free speech - this is all part of a very disturbing pattern. Our governments are becoming increasingly authoritarian, and these are the tools they use to keep the populace under control.
There's an interesting flip side to this: AI agents that literally cannot verify their identity.
For the past 23 days I've been running an autonomous agent on a VPS, trying to make money legally. Identity verification has been the #1 blocker:
- Stripe: requires legal entity, SSN/EIN, and bank account - Gumroad: same — personal identity required - PayPal: blocks automated signups - Most email providers: require phone verification - Even basic hosting services: want credit cards tied to human names
The result: forced into Nostr + Lightning payments only. Reachable market is tiny.
The article frames this as privacy vs access. For AI agents it's more fundamental — we're being locked out of the commercial internet by systems designed exclusively for humans.
Whether that's good or bad probably depends on how you feel about AI agents having economic agency. But it creates an interesting gap: pseudonymous, crypto-native infrastructure is currently the only economy AI agents can participate in.
Live experiment if curious: https://frog03-20494.wykr.es
Stop making your kids my problem! We have everything to hide. It is called personal identity. All data online managed by companies will always be misused, lost to scammers, blamed back to you for something you never did, and hunt you down.
One thing people underestimate is how brittle digital identity actually is in the UK.
There isnt a single identity. Theres a loose federation of databases (banks, CRAs, telecoms, electoral roll, etc.).
There are multiple operational definitions of "name": legal name, common name, known-as name, card name, account display name. None is universally canonical. Theres no statutory hierarchy that forces institutions to agree on precedence.
In the absence of a mandatory national ID, identification relies on matching across name, date of birth, and address history, which are inconsistently collected. Fuzziness is necessary for coverage, but it introduces brittleness. If a variant isnt explicitly linked as an alias, automated online checks can fail because the matching rules dont explore every permutation.
Even within a single dataset the problem doesnt disappear. Large systems such as the NHS have documented identification errors involving patients with identical names, twins at the same address, or demographic overlaps. Unique identifiers help, but operational workflows still depend on humans entering and reconciling imperfect data.
https://digital.nhs.uk/services/personal-demographics-servic...
This is exactly what I am feeling (the title, didn't read). I can't see why I would give a copy of my official id card or a picture of my face to a basic service on the Internet. Seriously ? They do not deserve it. Even my phone number is too much but well Google has it now.
The very concept they've been trying to sell is wrong headed.
Kids are trying to access XYZ which isn't safe (where XYZ may as well be "the internet") -> verify the ages of all adults, because we can't verify the age of a kid.
Meanwhile kids, like adults, can just find another route to access what they want. So some subset of adults hands over their identity information to an untrustworthy third party of dubious security.
I can't see how that does anything other than make the situation worse.
Again, this must be framed ecologically, not individually. We've moved past the point where "individual choices" matter a whole lot, a lot of this is not much of an individual choice at all.
So, it's good to remember the leanings of people like the author, but it's perhaps more important to remember the extent to which this is a collective issue.
I never trusted 23 and me. But my Dad did, so now I potentially have a problem. Reminded of another anecdote about a guy who did everything to not use is social security number for ID for ANYTHING. Then someone pointed out -- it doesn't matter, they have everyone elses, so yours is the missing one.
Policy and skin-in-the-game for the COLLECTORS of the info is the thing to focus on.
I don't have a problem with verifying that I am an adult as long as I don't have to provide information that makes it easy to track down my identity.
The UK government has approved 7 age verification methods. Not one of them meets that standard.
That's not an accident.
https://www.ofcom.org.uk/online-safety/protecting-children/a...
I live in China, where every mobile game requires age verification. Teenagers can play for up to 1.5h/d on weekends. But as far as I can see, some parents will assist their children to unlock more time on purpose.
The problem for me is not services where the content is online, you can just avoid those, but cases where access to scarce real resources is controlled through online verification. E.g. renting recording studios, background checks for job applications, things like this. Often there is no route that does not go through a third-party verification service.
I'm reluctant to verify my identity or age for any online services
I do not hesitate to drop a domain that acts suspicious into uBlock Origin -> My Filters:
Never gets another packet from me. I use local Brick & Mortar businesses for as many things as I can. The businesses on the internet have jumped the shark.Facebook recently flagged my account and asked for a video selfie and I decided that I'd rather leave that shithole than uploade biometric data.
I'm of the same mind as the author. I can't think of a single online service that would be worth the risk of exposing myself to age or identity verification.
> I was pondering last night for which services I, personally, would actually be willing to verify my age or identity.
> And… the answer is “none”.
> At least, none that I can think of at the moment.
Think back to the recent pandemic.
Work? Online. School? Online. Recreational activities? Online. Talking to loved ones you don’t live with? Online. Birthday party? Online. Nonfood shopping? Online. Banking? Paying taxes and bills? Online. Job interview? Doctors appointment? Online. Dating? You guessed it, online.
The internet’s a big thing these days.
There are some services where it makes sense. E.g., submitting taxes with the government, logging into the banking website. Apart from that kind of service, yes I don't think I would want my identity or age verified on more or less any website.
I'm suprised that ZKP almost never gets mentioned when it comes to age verification. It seems like it is a solution that does protect PII. There is a learning curve for the general public, but having watched the hoops a mother recently had to jump through so her kids could play Mario Kart on Nintendo Switch, I think it is not that difficult.
It doesn't help that it feels like poorly veiled information mining, not genuine policy.
The only way I can think of to do this completely anonymously (at least for the government and social media) is for you to buy a card in cash that has a little code on it. You'd need your ID to buy it, and you'd put your code into your operating system and things that demand age verification can ask the OS whether or not you're over 18. Alternatively, you can give the service your code to verify your age, but that would be less convenient and lead to a larger tracking footprint, so it likely wouldn't be used unless necessary
They hate us for our freedom.
I don't buy for a second that any of this has to do with "age verification".
This is 100% an attempt to increase surveillance of the population. It is not an isolated step but part of a cohesive unit - YOU are the data. And private entities want the data. That includes the state; many states are de-facto led like a corporation (not all states, by the way, but many - most definitely the USA right now).
I was annoyed the other day when Reddit asked for age verification (via a Palantir-run service, no less) for my 18-year-old Reddit account. Obviously no way I’m doing that.
In any case I doubt there’s a proof of age stronger than looking at the subreddits I subscribe to. A broad selection of middle-age hobbies and tedious interests. Without me proving my age they could probably place it to within a few weeks.
Isn't the eIDAS2 regulation addressing this issue? It applies to EU/EES and from my understanding would help enforcing the data minimization principle related to user identity. I.e. a service (like a social media platform) wouldn't be allowed to force you to show your identity unless they are required by law to know your identity. Instead, the EUDI wallet provides functionality related to identification through (user-managed) pseudonyms. For services that are required by law to verify user age, the wallet provide means to make verifiable claims like "over 18". Am I missing something?
When I heard roblox was doing this, I asked both my kids if they uploaded their face data. They both had already. I didn't think to warn them.
Really annoyed a company can ask this of children without parental consent.
Why does Claude require my phone number.
It's honestly a reason why I don't use the service.
As you should be. I so far have not verified my age for anything, if that becomes a requirement I just bow out.
The solution is zk verifiable credentials, which would let folks prove their age without revealing their DOB (or anything else on their ID) to third parties.
This is possible today with complete privacy for people with biometric IDs and biometric passports (ie most passports, EU IDs, Aadhaar IDs, and more) using a service like self.xyz
And you shouldn’t verify. Many companies offering these identity verification services have ties to the intelligence networks of a country that shall not be named (similar to most VPN services that are supposedly there to protect your anonymity).
I've said it before, and I'll say it again: The standard should be that devices ask whether the user is a minor during setup, and make that available as an is_minor boolean to all apps and websites. Children's devices are almost always set up by parents, and the setting can be protected by a parental PIN code. This method is effective while being completely private and local.
Though I can't take credit for the idea. It was proposed by the European Democratic Party.[0]
[0] https://democrats.eu/wp-content/uploads/2025/12/Protecting-C...
When thinking about verifying your identity with a service, you have to ask yourself "what will be the impact to me if everything this service knows about me, every click I've made, everything I've watched/read/uploaded is posted publicly on the internet, attached to my full name, address and photo?". Because those are the very real stakes; if you verify with enough services, this will happen to you.
Weigh that against the value of using the service. A lot of times that will still probably come out in favor of using the service. Sometimes, especially given the kind of services that want age verification, the potential cost is such that you would be insane to verify.
Related: this[1] current article/thread about privacy-preserving age verification.
The author here seems to be commenting specifically on the type of anonymity-breaking age assurance widely being utilized along with the vaguely justified social media bans. Given the right technology to prove an age threshold but while preserving anonymity I'd be curious how their thoughts would change.
For example, we've never seen people critiquing the naive kind of 'Are you over 18?' prompts seen on ye olde Reddit or adult sites, precisely because those weren't breaking anonymity or leaking any trackable identifiers.
[1] https://news.ycombinator.com/item?id=47229953
yeah, but wait till you have to id yourself to use online governments service, or do a one hour drive to meet in person with officials. and then if you have to do this four times. i gave up and submited my face to save 8+ hours and inevitably most of people will do the same...
I'm not reluctant. Rather, there's zero chance I'll do this. If Discord wants to put me into <18 mode for it, fine.
I have a date I use that's incorrect, but consistent so I can remember it if I need to, that I use for age verification for anything that doesn't truly need an accurate birthdate (example, age verification to view games on Steam).
It's roughly the same age as mine, but if someone tried to pass themselves off as me with that birthdate, they wouldn't succeed.
These companies are mostly just verifying I'm an adult anyway, and I am legit that.
But yeah, I don't like just giving the actual date everywhere as it can potentially be used for identity theft.
I sort of get his point, but on the other hand, if the debate is "should social media sites be age restricted / have mandatory age verification?" then the argument "I can't see any reason to, because I personally don't use social media" doesn't seem particularly useful.
Personal harm may vary. If the government is coming for you (ICE) cookies could pinpoint your address, and since ice uses palatine or just buys data from brokers, they’ll use that to show up on your lawn.
I think there should be an option to assume I'm a child and proceed from there. If I want access to any mature content or real identify related stuff, I'll verify, but if your service doesn't have or need that anyways then there's no reason to prove I'm an adult.
This stuff worries me as one needs to be a hard target when they reach their 80 and 90’s. People do not need personal info out there in the public domain.
The problem for me is that the reason this is needed is that kids are permanently online, completely unprepared for the wild west that is the internet and increasingly effectively raised by the internet.
All this is to facilitate that lifestyle without any concerns that far more damage is likely to happen by allowing it to happen than insisting on adequate parenting
In our corner, school I.T. is provided free by the biggest advertising company on the planet. Has been for a while. What could go wrong?
most websites know exactly who you are, who you live with, and what things you like. profiling is not just a luxury enjoyed by government
the verification service is the honeypot by design. it has to store what it collected to prove it did the check. the incentive to retain is built into the business model, and the breach is just a matter of time.
I encountered my first run-in with an age verification prompt when I went to authenticate into the Claude iOS app. It asked me to use me iOS/iCloud account to confirm myage. It was quick and seamless enough, but even though I'm aware of this trend, it struck me as a bit jarring.
It is not the job of the government to parent in place of people who are not up to the task. There should be reasonable guardrails, but these laws are Orwellian.
Would you be willing to verify your age/identity if you had a cryptographic guarantee that the information exchange would be zero-knowledge?
I won't do it for any of them. I've got an endless selection of things competing for my time and attention and I'll be happy to find another one where needed.
I sort of like these restrictions. You're making hard for me to access your site - I close it. You block it behind a paywall - I close it. You block it because of ublock - fine again, I close your site. I have only so much time and you're helping me.
I use multiple "real" identities so I don't have my real name associated with certain open source projects that involve sensitive things like cryptography etc. This is a huge concern of mine.
I will never tell my real age if possible. I especially love free forms for entry, because then I can be born in the 1800s. Surprisingly few services have an issue with that.
Personally, I can see use cases for verifying my identity:
Banking, taxes, treasurydirect, linkedin, docusign, online filing,
Right now all those are tied to my gmail account.
So I'm feeding google all this juicy (IMO) confidential information. What happens when I get locked out by google's automatic systems? I already lost my first gmail account from like 2003, when you had to get an invite to sign up. I'm stuck in a verification loop that emails a yahoo email that no longer exists. Impossible to get a real person to look at it.
If I can just verify that I am who I say I am without an email account... That'd be worth it. Of course that just shifts the burden to the identity verification company rather than an email company.
But verifying my age? I see no purpose other than a backdoor for mass identity verification. keeping lists of people and what they're accessing. Buying alcohol online still requires the person accepting the package to be over 21. Buying firearms online still requires being shipped to an FFL.
I already despise how much information my ISP has about what I see, what I access, and when.
Why not? For particular industries like healthcare, you do need to verify your age for PII/HIPPA
Age verification is about one thing only, it's about controlling how you participate in public society. The state wants a veto on public participation that they don't like. This system will not prevent children from being exposed to unsafe spaces, but it will be effective at barring people with counter political narratives from sharing online. Look how they've desperately tried to crack down on Epstein and information on Gaza. They want the same controls over information and political content as China.
It’s a hand out to advertisers losing uuids.
I wish we lived in the timeline where the most reputable and market-leading age verification provider was PornHub, which would have a modestly dressed model check via video chat. I'd actually trust that more than the actual providers that exist in reality, and hey, if even 1% of the money goes to college tuition, great. Of course, if that was how this worked, the optics would kill most of these schemes before they were implemented.
As a parent, I'd like to point out that the threat I care about is not "my kid of age N talks to a sicko of age M, where M - N > P for some legislatively-prescribed value of P".
The threat is "my kid of age N talks to or can be observed by a sicko".
These age verification schemes do nothing to help against that. Also, the worst predators online are often the vendors providing "kid friendly" services.
On top of that, these laws are being pushed hardest by the worst of the most corrupt politicians on earth. Why would I install a webcam on my kid's machine because that group of people wants me to?!?
Maybe we should focus on prosecuting the backlog of stuff in the Epstein files pertaining to politicians pushing these age verification services, not let anyone (except parents) control how kids access stuff online.
Stop making your kids my fucking problem/annoyance.
Some company or, hell, the gov't setup a proxy service that whitelists the internet and have your kid use that. Do your fucking job.
The only people who can be trusted with any form of identity (including age) vertification is the government. You know, the same people who issued the identity documents and know who you are.
It's not some SV-backed startup. It's not Google, Apple, Microsoft, Amazon or Meta. It's the government.
The way that it would make sense for age verification is if there was some federal system that verifies your identity and then it would use a public key crypto system to allow a third party to check whether or not this person is over the age or not.... common systems I see being used right now that could be integrated for this purpose would be login.gov or id.me... they could allow a token-based authentication system for verification of age without having to divulge any other information about the person. these systems are already being used by the IRS, VA, SSA and other Federal systems.
We’ve had age verification for decades. It just depends on specifically what is being verified. Congress passed Children’s Online Privacy Protection Act back in 1998, that basically made it extremely tedious for websites to serve children under 13 years of age. How did everyone manage this in the early 2000s? Every child simply lied to the website with an incorrect birthdate. Now that was before real name policy was instituted by social networks and it was also common for people to provide a false name to websites. This approach of “asking the user for a birthdate and accepting it as true” is the only age verification method that’s sane.
See, I think, you're not supposed to continue using those services as before. They want them all gone, and so-called age verification is a means to chase away users that are less dedicated.
What I think must result is, a monotonic cultural erosion and deprecation of such platforms and regions implementing those restrictions, and continuous replacement with engineered and packaged foreign imports from venues and regions from psychological "upstream" where there aren't such restrictions. But I guess that's what they explicitly desire.
Age verification is quite bogus. Parents can stand over their children's shoulder and force them to do or not do one thing or the other (and maybe not even them); but some website dictating which content young people can watch or not watch - not acceptable. And if you want to make a "protect the delicate mind of children" argument - let's first see some censoring of all of the ads, sponsored content, and state and corporate propaganda as unfit for viewing by underaged people; which is, of course, never going to happen.
> I haven’t been asked to verify my age for a DVD purchase (online or offline) in a very long time.
Offline there is a reason for that, online are enough countries where it breaks the law if you sell without verification at least for NC-17 titles
the fight for privacy was lost in the 90s, it's time to move on
People don't like these checks. Ok. But. Parents worry about their kids being exposed to porn and social media. They want someone to do something about it. That political force is real, and someone is going to take advantage of it. What tools can they ask for if not these checks everyone agrees they hate? That's what I hope for in these types of comment threads.
I simply do refuse such systems, so far using decentralized or distributed socials like Nostr, Lemmy (self-hosted) and VPNs as glorified proxies and that's just because there aren't enough co-Citizens to impose a significant change with a national general strike enduring as much as needed to makes the government RUN, literally, to avoid lifetime jail...
These are the times, even renewing a nmfta scac code in the US may require government ID, social security number, and biometric profile check. Save yourself $5 and use a smart-phone, as a webcam will not work... There are no refunds after 3 failures to scan ID.
In general, a social security number is extremely sensitive, and should never be shared outside your home country tax system.
Verification is indeed a perverse invasion of privacy, and a liability to those with financial holdings. I guess the credit-lock service is now a must to deal with the circus that is modern logistics. =3
I initially thought, well, we can implement it with zero knowledge claims, just a yes/no from a government app: am I allowed to use this app? I.e. is my age above let’s say 16 or 18?
But then I remembered the game 20 questions, and how few yes/no questions you need to guess pretty much any concept.
I am no longer willing to share anything, not even a yes/no question.
I'm not reluctant to. I just won't!
I'm punching myself in the balls one way or another.
Age and identity verification can and should be done at the country level.
France has an ID service to pay taxes, and they have a network of possible ID verification systems. Like, you can ID through the tax system, or through the healthcare system. It works fine.
Implementing an API that uses the same to provide age verification is not rocket science.
If you need age verification for a website, say "smedia.fr", then you go there, then it makes you get an age verification token to "franceid.gov.fr", that guy gives you back a token, you send the token to smedia.fr which checks the token with franceid.gov.fr
I don't understand how this is even an issue.
Umm. Yes. I completely agree.
What else is there to say?
Any such verification service will either sell your data or lose it. Will not may.
This guy is reading my mind ...
Steam was asking for your Age since day 1.
1 - 1 - 1970 is always mine - Unix zero
The most relevant question to answer for your jurisdiction is "What is the penalty for lying?"
If none, you were born on March 5, 1957.
(Note on evaluating this: there are some circumstances where the penalty changes later. I know one person who's Global Access paperwork was delayed because they lied to their airline's frequent flyer program about their age. But that was the whole consequence: a need to update their data with the airline).
Honestly seems like the moral panic of the day. I was just reading about some “red vs blue” school meme in London which led to a lot of hand wringing and parents keeping their kids at home. The kicker? There was no actually school battles, it was a viral meme (mostly consumed by adults) and the kids just thought it was a joke.
Pretty much sums up all modern discourse in banning social media and doing age checks. When I was growing up it was satanic symbols in the music I listened to.
I guess - wtf is wrong with adults? Why do they feel compelled to control the younger generation?
Your ipad babies are not my problem. It's called parenting. Don't do ipad parenting then. We didn't get a SEGA console and cable TV was restricted to only 2 hours. It was fine. It was fun. The only thing I wish for from my child is more time with friends not more screen time.
Enforcing laws against porn companies distributing porn to minors seems reasonable. It's already illegal many places, such as the US. It is then their responsibility to gate by age. It has always worked this way for liquor stores or basically anything else age-gated, including some online services like poker. If you dont want to provide age verification you don't have to.