I think there are many pros and cons to be said about age verification, but I think this method solves most problems this article supposes, if it is combined with other common practices in the EU such as deleting inactive accounts and such. These limitations are real, but tractable. IDs can be issued to younger teenagers, wallet infrastructure matures over time, and countries without strong identity systems primarily undermine their own age bans. Jurisdictions that accept facial estimation as sufficient verification are not taking enforcement seriously in the first place. The trap described in this article is a product of the current paradigm, not an inevitability.

If there's a fundamental culture shift, there's an easy way to prevent children from using the internet:

- Don't give them an unlocked device until they're adults

- "Locked" devices and accounts have a whitelist of data and websites verified by some organization to be age-appropriate (this may include sites that allow uploads and even subdomains, as long as they're checked on upload)

The only legal change necessary is to prevent selling unlocked devices without ID. Parents would take their devices from children and form locked software and whitelisting organizations.

In the United States, you can get in trouble if you recklessly leave around or provide alcohol/guns/cigarettes for a minor to start using, yet somehow, the same social responsibility seems thrown out the window for parents and the web.

Yes, children are clever - I was one once. If you want to actually protect children and not create the surveillance state nightmare scenario we all know is going to happen (using protecting children as the guise, which is ironic, because often these systems are completely ineffective at doing so anyway) - then give parents strong monitoring and restriction tools and empower them to protect their children. They are in a much better and informed position to do so than a creepy surveillance nanny state.

That is, after all, the primary responsibility of a parent to begin with.

You could, for example, make it illegal to target children with targeted advertising campaigns and addictive content. Then throw the executives who authorized such programs in jail. Punish the people causing the harm.

1) Persona (Identity Vendor) Exposure (Feb 20, 2026): researchers discovered an exposed frontend belonging to Persona, an identity verification vendor used by platforms like Discord. This system was performing over 260 distinct checks, including facial recognition and "adverse media" screening, raising massive concerns about the scope creep of age verification.

2) Victorian Department of Education (Jan 2026): a breach impacting all 1,700 government schools exposed student names and encrypted passwords. This is a primary example of how child-related data remains a high-value target.

3) Prosura Data Breach (Jan 4, 2026): this financial services firm suffered a breach of 300,000 customer records.

4) University of Sydney (Dec 2025): a code library breach affected 27,000 people right as the new legislation was rolling out.

Undermining data protection and privacy is clearly the point. The fact that it's happening everywhere at the same time makes it look to me like a bunch of leaders got together and decided that online anonymity is a problem.

It's not like kids having access to adult content is a new problem after all. Every western government just decided that we should do something about it at roughly the same time after decades of indifference.

The "age verification" story is casus belli. This is about ID, political dissent, and fears of people being exposed to the wrong brand of propaganda.

I don't like age verification in general, for anything. The age gates in our society are very subjective.

Many times my Dad would buy alcohol at the grocery store w/ me (underage) in tow, but they never asked for my ID or refused to sell to him. Now, when I go buy alcohol as an adult with my wife (we are both in our mid-late 30s) they ask to see her ID as well as mine? If she leaves her ID at home then she has to wait in the car because they will refuse the sale if she comes into the store and cannot prove her age.

Buying a case of beer with a group of 8 year olds? No problem. Bottle of wine for you and your wife? Let me get both IDs.

Give our personal devices have the ability to verify our age and identity securely and store on device like they do our fingerprint or face data.

Services that need access only verify it cryptographically. So my iPhone can confirm I’m over 21 for my DoorDash app in the same way it stores my biometric data.

The challenge here is the adoption of these encryption services and whether companies can rely on devices for that for compliance without having to cut off service for those without it set up.

And the only way to prove that you checked is to keep the data indefinitely.

This is a false premise already; the company can check the age (or have a third party like iDIN [0] do it), then set a marker "this person is 18+" and "we verified it using this method at this date". That should be enough.

[0] https://www.idin.nl/en/

Some observers present privacy-preserving age proofs involving a third party, such as the government, as a solution, but they inherit the same structural flaw: many users who are legally old enough to use a platform do not have government ID.

So there is absolutely no way to change that and give out IDs from the age of 14? You can already get an ID for children in Germany https://www.germany.info/us-de/service/reisepass-und-persona...

This is a problem that has to be solved by the government and not by private tech companies.

This is a lazy cop out to say "we have tried nothing and we are all out of ideas"

Many of the worst present on the internet is not age gated at all, you have millions of porn websites without even a "are you over 18" popup. There are plethora of toxic forums...

Of course it's a complex problem, but the current approach sacrifice a lot of what made the internet possible and I don't like it.

Every security attempt becomes a facade or veil in time, unless it's nothing. Capture nothing, keep nothing, say nothing. Kids are smart AF and will outlearn you faster than you can think. Don't even try to capture PII ever. Watch the waves and follow their flow, make things for them to learn from but be extremely careful how you let the grownups in, and do it in pairs, never alone.

Similar to how there is specific channels for children on the TV. Perhaps the government can even incentivize such channels. It would also make it easier for parents to monitor and set boundaries. Parents would only need to monitor if the tv is still tuned to disney channel or similar instead of some adult channels.

Similarly this kind of method could be applied to online spaces. Ofcourse there will be some kids that will find ways around it but they will most likely be outliers.

https://solidproject.org/

https://www.theguardian.com/technology/2026/jan/29/internet-...

If you support privacy, you should support antitrust, else we're going to be seeing these same bills again and again and again until parents can effectively protect their children.

For age verification specifically, the only information that services need proof of is that the users age is above a certain threshold. i.e. that the user is 14 years or older. But in order to make this determination, we see services asking for government ID (which many 14-year-olds do not have), or for invasive face scans. These methods provide far more data than necessary.

What the service needs to "prove" in this case is three things:

1. that the user meets the age predicate

2. that the identity used to meet the age predicate is validated by some authority

3. that the identity is not being reused across many accounts

All the technologies exist for this, we just haven't put them together usefully. Zero knowledge proofs, like Groth16 or STARKs allow for statements about data to be validated externally without revealing the data itself. These are difficult for engineers to use, let alone consumers. Big opportunity for someone to build an authority here.

https://streamable.com/3tgc14

Aside from the privacy concerns, all this age verification tech seems incredibly complicated and expensive.

And either way, none of that requires de-anonymizing literally everyone on the internet. I'd be more than happy to see governments provide cryptographically secure digital ID and so that sites can self-select to start requiring this digital ID to make moderation easier.

I ran into this when building a kids' education app a few years ago. We explored a bunch of options, from asking for the last four digits of their parents' SSN (which felt icky, even though it's just a partial number) to knowledge-based authentication (like security questions, but for parents).

Ultimately, we went with a COPPA-compliant verification service, but it added friction to the signup process.

It's a trade-off between security and user experience, and there's no perfect solution, unfortunately.

"Social media is going the way of alcohol, gambling, and other social sins: societies are deciding it’s no longer kids’ stuff."

Oh, remember those good old times when alcohol was kids' stuff.......

It's basically the same type of enforcement on sites, as they need to verify and filter content for children, or just block them. Most of the internet users are adults, why not make internet for adults by default.

This puts more onus on parents and guardians to ensure their child's devices are set up correctly. The system wouldn't be perfect and people using something like Gentoo would be able to work around it, but I think it helps address the concerns. A framework would need to be created for content providers to enforce their own rating system but I don't think it's an impossible task. It obviously wouldn't cover someone not rating content operating out of Romania, but should be part of the accepted risk on an open internet.

Personally I do agree with the "do nothing" stance, but I don't think it's going to hold up among the wider public. The die is cast and far too many average people are supporting moves like this. So the first defense should be to steer that conversation in a better way instead of stonewalling.

Some observers present privacy-preserving age proofs involving a third party, such as the government, as a solution, but they inherit the same structural flaw: many users who are legally old enough to use a platform do not have government ID. In countries where the minimum age for social media is lower than the age at which ID is issued, platforms face a choice between excluding lawful users and monitoring everyone. Right now, companies are making that choice quietly, after building systems and normalizing behavior that protects them from the greater legal risks. Age-restriction laws are not just about kids and screens. They are reshaping how identity, privacy, and access work on the Internet for everyone.

This rebuttal to privacy preserving approaches isn't compelling. Websites can split the difference and use privacy preserving techniques when available, and fall back to other methods when the user doesn't have an ID. I'd go further and say websites should be required to prioritize privacy preserving techniques where available.

There is a separate issue of improving access to government ID. I think that is important for reasons outside of age verification. Increasingly voting, banking, etc... already relies on having an ID.

Age verification is a good thing. Giving children unrestricted access to hardcore pornography is bad for them. Whatever arguments you want to make, fundamentally this is true.

European proponents of "anti-big-tech action" make it pretty explicit - broad discretionary power should be given to executive branch, because otherwise "international corporations" will use "loopholes" (and these "loopholes" are, in practice, explicitly written laws used as intended).

Now the issue of which properties can "ask to verify your age" and "apple now knows what you're looking at" is still an unsolved problem, but maybe that solution can be delivered by something like a one time offline token etc.

But again, this is a very hard problem to solve and I would personally like to not have companies verify age etc.

Not exactly a good moment for this caste of politicians to pretend they care about children's well-being, though.

The problem of identifying a value for each person is very difficult. But government's role stops there. Until the teenager's screen more factors stay in the middle (parents, peers, criminals). I am curious how it turns out eventually. As a parent, I have already banned SM for my children, so not "affected" by the new policy.

You're not 18 yet?

No Problem we just give you two certs with different valid from/to ranges that overlap and don't give away your birthday.

Problem solved.

Practically that means all of them will be imprisoned for life, of course.

Do we need laws to make this happen? What methods can be used to aid adoption? Do site operators really want to know the humanness and ages or are those just masks on adding more surveillance?

Instead of requiring IDs, we should let parents manage what their children do online.

Some can be 50 and still be clueless who to trust and what to do.

Every kind of discrimination merely shifts the burden.

And thinking of the children as an excuse for draconian law is itself child abuse. It's using children as a shield to take cover.

EDIT: I'd like to add that if age verification becomes a thing, we should also have an online drug test, insurance verification, financial wellbeing tests, mental health checks and a badge of dishonor for anyone who fails to comply.

Liquor stores, bars, strip clubs, adult bookstores, or similar businesses don't let kids in. Movie theatres don't let a 10 year old in to an R-rated movie. The tech industry ignored their social responsibility to keep kids away from adult and age-inappropriate content. Now, they are facing legal requirements to do so. Tough for them, but they could have been more proactive.

That being said nothing about these laws is about protecting children; their primary purpose is to crack down on the next Just Stop Oil or Palestine Action so for that reason should be opposed.

It cannot be a friction-less experience. Allowing children to see gore and extreme porn at a young age is not healthy. And then we have all the "trading" platforms (gambling).

Even though my brothers were able to get many hard drugs when I was young, around 1977, there was a lot of friction. Finding a dealer, trusting them, etc. Some bars would not card us but even then there was risk and sometimes they got caught. In NY we could buy cigarettes, no friction, and the one drug I took when I was young, addicted to them at 16, finally quitting for good at 20. I could have used some friction there.

So how do we create friction? Maybe hold the parents liable? They are doing this with guns right now, big trial is just finishing and it looks like a father who gave his kid an ak47 at 13 is about to go to jail.

I would like to see a state ID program when the ID is just verified by the State ID system. This way nothing needs to be sent to any private party. Sites like Discord could just get a OK signal from the state system. They could use facial recognition on the phone that would match it with the ID.

Something needs to be done however. I disagree that the internet needs to be open to all at any age. You do not need an ID to walk into a library, but you need one to get into a strip club. I do not see why that should not be the same on the internet.

It's like bankid or myid works in Scandinavian countries.

When you need to identify yourself you are challenged by a 3rd party trusted service.

Making this a age verification should be very easy.

https://www.mitid.dk/en-gb/about-mitid/?language=en-gb

I could generate my own key, have the government blind sign it upon verifying my identity, and then use my key to prove I'm an adult citizen, without anyone (even the signing government) know which key is mine.

Any veryfying entity just need to know the government public key and check it signed my key.

politicians are interested in it because they're begging for some way to censor the internet, which would actually be even worse for parenting because now it prevents children from ever learning to be responsible with these highly addictive platforms

Big tech don't have wait for an outright government ban when they can just say that we are a teen-only site by default and everyone have to verify if they are over 18 or not. This age verification will affect everyone no matter what.

This is not true, as others have pointed out. Kind of sad to see no mention of privacy-preserving technology already in use in an IEEE article.

"The only way to prove that someone is old enough to use a site is to collect personal data about who they are. And the only way to prove that you checked is to keep the data indefinitely."

If you start by legislating that you can't collect personal data or ID, then you are forced to do your age verification through other means. And legislate the government can't see what websites a user is visiting if you can to stop overreach. End result is a workable solution, zero knowledge proof or similar where government (the source of your ID documents) signs a token brokered by a proxy.

But when you start arguments from the position of 'no way to do this without violating privacy', the end result will be to violate privacy, because it seems an awful lot of people are demanding age verification and will sacrifice if they believe it is necessary.

to a lot of people it never sat well that people could just go online and say whatever they want, and communicate with each other unsupervised at large scale, and be effectively untargetable while doing so - that model of the internet was only allowed because it happened under the radar and those uncomfortable with it have been fighting it since they got the memo

Once you are verified, you just flip a bit "verified" in the database and delete all identification data.

No reason to store the data indefinitely

and if you have internet access without paying, that means someone else is legally responsible for your access

"problem solved" ?

Second, if all it takes to get into underage spaces is not being verified, predators *will* notice and exploit this hole.

Even the absence of information is information.

The Roblox games site, which recently launched a new age-estimate system, is already suffering from users selling child-aged accounts to adult predators seeking entry to age-restricted areas, Wired reports.

I rest my case.

That's the whole point, right? A pretense to remove any remaining anonymity from communications?

Governments are endlessly infested with the worst people. They look back at historical attempts at totalitarianism and think to themselves, "Let's facilitate something like that, but worse".

I think most people are aligned here, and that an internet without identification is inevitable whether we like it or not.

To be clear, tackling the issue of child access to the internet is a valuable goal. Unfortunately, "well what if there was a magic amulet that held the truth of the user's age and we could talk to it" is not a worthwhile path to explore. Just off the top of my head:

1. In an age of data leaks, identity theft, and phishing, we are training users to constantly present their ID, and critically for things as low stakes as facebook. It would be one thing if we were training people to show their ID JUST for filing taxes online or something (still not great, but at least conveys the sensitivity of the information they are releasing), but no, we are saying that the "correct future" is handing this information out for Farmville (and we can expect its requirement to expand over time of course). It doesn't matter if it happens at the OS level or the web page level -- they are identical as far as phishing is concerned. You spoof the UI that the OS would bring up to scan your face or ID or whatever, and everyone is trained to just grant the information, just like we're all used to just hitting "OK" and don't bother reading dialogs anymore.

2. This is a mess for the ~1 billion people on earth that don't have a government ID. This is a huge setback to populations we should be trying to get online. Now all of a sudden your usage of the internet is dependent on your country having an advanced enough system of government ID? Seems like a great way for tech companies to gain leverage over smaller third world companies by controlling their access to the internet to implementing support for their government documents. Also seems like a great way to lock open source out of serious operating system development if it now requires relationships with all the countries in the world. If you think this is "just" a problem of getting IDs into everyone's hands, remember that it a common practice to take foreign worker's passports and IDs away from them in order to hold them effectively hostage. The internet was previously a powerful outlet for working around this, and would now instead assist this practice.

3. Short of implementing HDCP-style hardware attestation (which more or less locks in the current players indefinitely), this will be trivially circumvented by the parties you're attempting to help, much like DRM was.

Again, the issues that these systems are attempting to address are valid, I am not saying otherwise. These issues are also hard. The temptation to just have an oracle gate-checker is tempting, I know. But we've seen time and again that this just (at best) creates a lot of work and doesn't actually solve the problem. Look no further than cookie banners -- nothing has changed from a data collection perspective, it's just created a "cookie banner expert" industry and possibly made users more indifferent to data collection as a knee-jerk reaction to the UX decay banners have created on the internet as a whole. Let's not 10 years from now laugh about how any sufficiently motivated teenager can scan their parent's phone while they're asleep, or pay some deadbeat 18 year-old to use their ID, and bypass any verification system, while simulateneously furthering the stranglehold large corporations have over the internet.

From every political angle, the messaging seems to be "we want you to give birth to many kids, but we don't trust you raising them"

Yeah, sure. Whatever you say, Jack.

Governments recycle "Think of the children" mantra and they are again after terrorists and bad guys.

The advantage, I think, of age verification by private companies over cellphone bans in public schools is that cellphone bans appear as a line-item on the government balance sheet, whereas the costs of age verification are diffuse and difficult to calculate. It's actually quite common for governments to prefer imposing costs in ways that make it easier for the legislators to throw up their hands and whistle innocently about why everything just got more expensive and difficult.

And the argument over age verification for merely viewing websites, which is technically difficult and invasive, muddles the waters over the question of age verification for social media profiles, where underage users are more likely to get caught and banned by simple observation. The latter system has already existed for decades -- I remember kids getting banned for admitting they were under 13 on videogame forums in the '00s all the time. It seems like technology has caused people to believe that the law has to be perfectly enforceable in order to be any good, but that isn't historically how the law has worked -- it is possible for most crimes to go unsolved and yet most criminals get caught. If we are going to preserve individual privacy and due process, we need to be willing to design imperfect systems.

The only way to prove that someone is old enough to use a site is to collect personal data about who they are. And the only way to prove that you checked is to keep the data indefinitely.

Well isn't this premise false from the get go? Many countries (not the US sure, but others) have digitised ID. Services can request info from the ID provider; in this case social media websites would simply request a bool isOver16, literally one bit of information, to grant access. No other information needs to be leaked, and no need for idiotic setups like sending photos of your passport to god knows what website (or god knows what external vendor that website uses for ID verification).

Seems silly to worry about this when social media itself is predicated on collecting gigabytes of data about you daily.

Again, this is not about half assed solutions that force you to send photos of your passport to websites. That's a terrible idea for the reasons discussed in the article. But it's obviously false that this is the only way.

I also suspect that social media has damaging effects on kids, and they probably shouldn't have access to it, but not like this. I'd probably be quicker to support something like saying that individuals <18 aren't allowed to buy or possess a phone or tablet that has access to an app store or web browser, and only offers voice- and text-based communications channels. Ok, so now it all happens on a laptop? What's "a tablet?" Is a Chromebook a tablet? It's fucking impossible.

Two things tech companies want to protect:

The perception of anonymity

Who gets to collect that information

I agree that a smaller loop of people should have that data but the loop is growing every day.

So if it ruins the perception anonymity for young naieve users so be it.

I'm not saying it's impossible to be somewhat anon, I'm just saying untrained users should understand the environment they're interacting with before they get hooked on useless products.

Age verification is not more difficult than a payment system.

I mean, if I can pay on a website without the website to know my credit card number, I should be able to prove my age without the website to know anything about me either.

France has a ID verification system for all its service. You’d think they should be able to provide a hook that lets people prove they’re over the age limit to any third party without the third party knowing. It seems fairly basic.

There is a solution to this.

There are privacy issues on the internet, but I think this ain’t one.

Of course we hate child abuse.

Of course we hate criminals.

Of course we hate social media addicting our kids.

But they’re just used as emotional framing for the true underlying desire: government surveillance.

(For the record: I am not into conspiracy theories; the EU has seen proposals for - imho technically impossible - “legally-breakable encryption” alone in 2020, 2022, and 2025; now we”ll also see repeated attempts at the “age verification” thing to force all adults to upload their IDs to ‘secure’ web portals)

I will go as far as to assume that no one on HN believes this is done for the children. It's been done to censor people and ID the majority of normies online. And when you think of this, the undermining of everyone's data protection is note an undesired side effect, it's the goal.

For you'll need to be accounted while they do the counting.

A good solution that respects privacy and helps reduce the exposure to harmful content at a young age is not very obvious though (but common sense and parental guidance seems to be the first step)

But, I don't get the approach. It's not like social media starts being a positive in our life at 20. The way these companies do social media is harmful to mental health at every age. This is solving the wrong problem.

The solution is to take away their levers to make the system so addictive. A nice space to keep in touch with your friends. Nothing wrong with that.

Major banks and government institutions can’t even be bothered to implement the NIST password guidelines. If they got their gdpr soc2 fedramp whatever it’s green lights and the rest is insurance.

Yup.

Basically, kids can sign up for an account triggering a notification to parents. The parent either approves or rejects the sign in. Parents can revoke on demand. See kids login usage to various apps/services. Gets parental restrictions in the login flow without making it a PITA.

Just make Google/Apple reveal part of that data (age > x years) to websites and apps.

Boom, done. Privacy guarded. Easy.

It's not even worth talking about online. There's too much inorganic support for the objectives of nation-states and the corporations that own them.

Legislation has been advanced in Colorado demanding that all OSes verify the user's age. It will fail, but it will be repeated 100 times, in different places, smuggled attached to different legislation, the process and PR strategies refined and experimented with, versions of it passed in Australia, South Korea, maybe the UK and Europe, and eventually passed here. That means that "general purpose" computing will be eventually be lost to locked bootloaders.

https://www.pcmag.com/news/colorado-lawmakers-push-for-age-v...

[edit: I'm an idiot, they already passed it in California https://www.hunton.com/privacy-and-cybersecurity-law-blog/ca...]

And it will be an entirely engineered and conscious process by people who have names. And we will babble about it endlessly online, pretending that we have some control over it, pretending that this is a technical discussion or a moral discussion, on platforms that they control, that they allow us to babble on as an escape valve. Then, one day the switch will flip, and advocacy of open bootloaders, or trading in computers that can install unattested OSes, will be treated as organized crime.

All I can beg you to do is imagine how ashamed you'll be in the future when you're lying about having supported this now, or complaining that you shouldn't have "trusted them to do it the right way." Don't let dumb fairytales about Russians, Chinese, Cambridge Analytics and pedophile pornography epidemics have you fighting for your own domination. Maybe you'll be the piece of straw that slows things down just enough that current Western oligarchies collapse before they can finish. Maybe we'll get lucky.

Polls and ballots show that none of this stuff has majority organic support. But polls can be manipulated, and good polls have to be publicized for people to know they're not alone, and not afraid they're misunderstanding something. If both candidates on the ballot are subverted, the question never ends up on the ballot.

The article itself says nothing that hasn't been said before, and stays firmly under the premise that access to content online by under-18s is suddenly one of the most critical problems of our age, rather than a sad annoyance. What is gained by having this dumb discussion again?

I don't think this legislation would have helped me. I found the material I did outside of social media and Facebook was not yet ubiquitous. I did not have a smartphone at the time, only a PC. I stayed off social media entirely in college. Even with nobody at all in my social sphere, it was still addicting. There are too many sites out there that won't comply and I was too technically savvy to not attempt to bypass any guardrails.

The issue in my case was not one of "watching this material hurt me" in and of itself. It was having nobody to talk to about the issues causing my addiction. My parents were conservative and narcissistic and did not respect my privacy so I never talked about my addiction to them. They already punished me severely for mundane things and I did not want to be willingly subjected to more. To this day they don't realize what happened to me. The unending mental abuse caused me to turn back to pornography over and over. And I carried a level of shame and disgust so I never felt comfortable disclosing my addiction to any school counselors or therapists for decades. The stigma around sexual issues preventing people from talking about them has only grown worse in the ensuing years, unfortunately.

At most this kind of policy will force teenagers off platforms like Discord which might help with being matched with strangers, but there are still other avenues for this. You cannot prevent children from viewing porn online. You cannot lock down the entire Internet. You can only be honest with your children and not blame or reproach them for the issues they have to deal with like mine did.

In my opinion, given that my parents were fundamentally unsafe people to talk to, causing me to think that all people were unsafe, then the issue of pornography exposure became an issue. In my case, I do not believe there was any hope for me that additional legislation or restrictions could provide, outside of waking up to my abuse and my sex addiction as an adult decades later. Simply put, I was put into an impossible situation, I didn't have any way to deal with it as a child, and I was ultimately forsaken. In life, things like those just happen sometimes. All I can say was that those who forsook me were not the platforms, not the politicians, but the people who I needed to trust the most.

I believe many parents who need to think about this issue simply won't. The debate we're having here on this tech-focused site is going to pass by them unnoticed. They're not going to seriously consider these issues and the status quo will continue. They won't talk with their children to see if everything's okay. I don't have many suggestions to offer except "find your best family," even if they aren't blood related.

These so-called "platforms" already collect data about who people are in order to facilitate online advertising and whatever else the "platform" may choose to do with it. There is no way for the user to control where that data may end up or how it may be used. The third party can use the data for any purpose and share it with anyone (or not). Whether they claim they do or don't do something with the data is besides the point, their internal actions cannot be verified and there are no enforceable restrictions in the event a user discovers what they are doing and wants to stop them (at that point it may be too late for the user anyway)

"Tech" journalists and "tech bros" routinely claim these "platforms" know more about people than their own families, friends and colleagues

That's not "privacy"

Let's be honest. No one is achieving or maintaining internet "privacy" by using these "platforms", third party intermediaries (middlemen) with a surveillance "business model", in order to communicate over the internet

On the contrary, internet "privacy" has been diminishing with each passing year that people continue to use them

The so-called "platforms" have led to vast repositories of data about people that are used every day by entities who would otherwise not be legally authorised or technically capable of gathering such surveillance data. Most "platform" users are totally unaware of the possibilities. The prospect of "age verification" may be the wake up call

"Age verification" could potentially make these "platforms" suck to a point that people might stop using them. For example, it might be impossible to implement without setting off users' alarm bells. In effect, it might raise more awareness of how the vast quantity of data about people these unregulated/underregulated third parties collect "under the radar" could be shared with or used by other entities. Collecting ID is above the radar and may force people to think twice

The "platforms" don't care about "privacy" except to control it. Their "business model" relies on defeating "privacy", reshaping the notion into one where privacy from the "platform" does not exist

Internet "privacy" and mass data collection about people via "platforms" are not compatible goals

"... our founders displayed a fondness for hyperbolic vilification of those who disagreed with them. In almost every meeting, they would unleash a one-word imprecation to sum up any and all who stood in the way of their master plans.

"Bastards!" Larry would exclaim when a blogger raised concerns about user privacy."

- Douglas Edwards, Google employee number 59, from 2011 book "I'm feeling lucky"

If a user decides to stop using a third party "platform" intermediary (middleman) that engages in data collection, surveillance and ad services, for example, because they wish to avoid "age verification", then this could be the first step toward meaningful improvements in "internet privacy". People might stop creating "accounts", "signing in" and continuing to be complacent toward the surreptititious collection of data that is subsequently associated with their identity to create "profiles"

PS = pr0n site

AV = age verification site (conforming to age-1 spec and certified)

  PS: Send user to AV with generated token
  AV: Browser arrives with POST data from PS with generated token
  AV: AV specific flow to verify age - may capturing images/token in a database. May be instant or take days

  AV: Confirms age, provides link back to original PS
  PS: Requests AV/status response payload:

  {
    "age": 21,
    "status": "final"
  }

I don't know if this is already the flow, but I suspect AV is sending name, address, etc... All stuff that isn't needed if AV is a certified vendor.

Maybe TBL is right and we need a new internet? I don’t have the answer here, but this one is too commercialized and these companies are very hawkish.

"None of this is an argument against protecting children online. It is an argument against pretending there is no tradeoff"

Tradeoff acknowledged, and this runs both sides, there's hundreds of risks that these policies are addressing.

To mention a specific one, I was exposed to pornography online at age 9 which is obviously an issue, the incumbent system allowed this to happen and will continue to do so. So to what tradeoffs in policy do detractors of age verification think are so terrible that it's more important than avoiding, for example, allowing kids first sexual experiences to be pornography. Dystopian vibes? Is that equivalent?

Or, what alternative solutions are counter-proposed to avoid these issues without age verification and vpn bans.

Note 2 things before responding:

1)per the original quote, it is not valid to ignore the trade offs with arguments like "child abuse is an excuse to install civilian control by governments"

2) this was not your initiave, another group is the one making huge efforts to intervene and change the status quo, so whatever solution is counterproposed needs to be new, otherwise, as an existing solution, it was therefore ineffective.

If any of those is your argument, you are not part of the conversation, you have failed to act as wardens of the internet, and whatever systems you control will be slowly removed from you by authorities and technical professionals that follow the regulations. Whatever crumbs you are left as an admin, will be relegated to increasingly niche crypto communities where you will be pooled with dissidents and criminals of types you will need to either ignore or pretend are ok. You will create a new Tor, a Gab, a Conservapedia, a HackerForums, and you will be hunted by the obvious and inequivocal right side of the law. Your enemy list will grow bigger and bigger, the State? Money? The law? God? The notion of right and wrong which is like totally subjective anyways?

And the only way to prove that you checked is to keep the data indefinitely.

This is not true and made me immediately stop reading. If a social media app uses a third party vendor to do facial/ID age estimation, the vendor can (and in many cases does) only send an estimated age range back to the caller. Some of the more privacy invasive KYC vendors like Persona persist and optionally pass back entire government IDs, but there are other age verifiers (k-ID, PRIVO, among others) who don't. Regulators are happy with apps using these less invasive ones and making a best effort based on an estimated age, and that doesn't require storing any additional PII. We really need to deconflate age verification from KYC to have productive conversations about this stuff. You can do one thing without doing the other.