Governments and regulators, even those who have long supported and encouraged better privacy for digital users, are now pushing for age verification online. In a world that has given businesses an open hand for decades in targeting minors for advertising, it now wants to protect them from adult content, gambling and other restricted content that they deem so. Who controls such restrictions itself raises concerns for me. Regardless, any age verification, online or offline, cannot be privacy-preserving.
Age verification inherently carries profound privacy risks and threatens free speech. It also facilitates data misuse and entrenches monopolies of centralised tech giants. It offers no real benefits to users who must share their sensitive legal identities.
Any concrete proof of age requires many hard identifiers: government-issued IDs, facial biometrics, or other uniquely identifying documents. When users must reveal their identity, exposing sensitive personal data endangers user privacy. The very act of verification creates a digital footprint that entities can track, aggregate, or misuse. Put, no matter how minimal the data shared, there is always potential for harm.
Age verification also erodes anonymity, forcing all to prove identity before accessing and eliminating the ability to participate pseudonymously. This has a disproportionate impact on marginalised groups who rely on internet anonymity for safety or self-expression. The internet becomes less inclusive and open to significant regression by demanding overt identification. Even minimal confirmation signals threaten anonymity.
Any government pushing for such verification can exploit the same systems for broad surveillance tomorrow. Centralised databases of user identities tied to browsing habits could become tools for monitoring dissent, tracking behaviour, and targeting individuals.
What stops the government or any organisation from using the vast repositories of verified user data to fuel their so-called AI systems? The speed at which laws change, a citizen is left with no choice but to either abide by them or call for widespread protests against such laws. However, with their data already under government control, the dissent will be easy to subdue.
With the rise in decentralised and open-source platforms in the last decade, they face immense challenges complying with age verification laws. The requirement for real-time identity checks, data verification, and storage is technically and financially feasible for well-funded centralised corporations but prohibitive for smaller or decentralised platforms and communities.
Only big-tech monopolistic platforms have the resources to build robust verification systems and absorb legal risks. Meanwhile, decentralised innovations prioritising privacy and freedom struggle to survive under stringent compliance demands.
Lastly, sharing physical identity documents or biometric data carries no direct consumer advantage over the existing systems. Instead, it exposes users to potential exclusion from services if verification fails. While protecting children might be at the forefront of these laws, the same can be done with better education (which many governments today wish not to do) than eroding personal rights and exposing the same children’s information to many platforms. This moves minors into potentially more harmful digital environments.
It’s easier to leave a platform altogether than to share such private information and then pay to access various subscriptions they offer.
Chaitanya's Weblog 