EU chief calls for a bloc-wide push on an age verification app to protect children online. If enforced, users will have to prove their age to access legally restricted sites.
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
The skepticism is very understandable. It is important to scrutinise solutions like this to make sure that they indeed do as they say they do, and to make sure the government doesn’t overreach with their authority.
That said, it should also be possible for laws to be enforced, and there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing (alcohol, tabacco, porn, and increasingly commonly social media)
Currently there is no good method to actually enforce those laws on the internet, so there needs to be a solution for that.
I think this form of age verification may be a decent compromise between privacy and the need to enforce these existing laws.
there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing
The problem is that different societies have different lists of things that they deem children shouldn’t access (or in some cases, citizens in general). For instance, conservative-leaning U.S. states are increasingly labeling any and all LGBTQ content as being unsuitable for children, furthering their indoctrination against a persecuted minority group.
Parents are in the wrong for preventing their children from accessing content depicting LGBTQ perspectives, and age verification tools in such markets are likely to be designed with the express intent of blocking access to LGBTQ content for minors by default.
I think the disagreement comes from treating “we have laws” as automatically meaning “we must enforce them everywhere at any cost.” The method matters. This approach flips the burden of proof by treating everyone as a minor unless they prove otherwise. That is a pretty extreme shift from how things normally work in the real world.
We also shouldn’t pretend this actually solves the problem. Kids got access to adult magazines before, and they will get access now through a parent’s phone, shared devices, or older friends. If that’s the target, this kind of system is mostly symbolic while adding friction and control for everyone else.
And more importantly, it normalizes something much bigger. Once you accept that accessing legal content requires proving attributes through some approved system, it becomes very easy to expand that logic. Today it’s age. Tomorrow it can be anything else.
So I don’t see this as a balanced compromise. It’s a disproportionate response to an enforcement gap, with long-term consequences that go way beyond the original problem.
I don’t think laws should be enforced at any cost, but if we can reasonably enforce laws I think there is a duty to do so.
Then there is also a different question of whether we agree with the laws on the books, but that is a different matter imo. Personally I don’t think we should limit access to pornography as strictly as the laws says we should, and I don’t think the ills of social media are solved with a simple age limit.
But that is a separate discussion from the implementation of a (in my eyes) reasonable approach to age verification
I don’t think it’s entirely a separate issue, because how a law is enforced is part of evaluating whether it makes sense in practice.
If a law can only be enforced by treating everyone as a minor until proven otherwise, that’s a strong signal that the law, or at least its scope, may be flawed.
I get why this sounds better than websites directly collecting IDs, but I think it still understates the problem. Even if the site only sees “18+”, the system still begins with strong identity proofing somewhere upstream. So this is not really anonymous access, it is identity-based access with a privacy layer on top.
The bigger issue is centralization. You still need trusted issuers, approved apps, approved standards, and authorities deciding who can participate. That means users are being asked to trust a centralized framework not to expand, not to abuse its power, and not to fail. History gives us no reason to be relaxed about that.
I am also skeptical of the privacy promises. These systems are always presented in their ideal form, but real-world implementations involve metadata, logging, renewal, compliance rules, vendors, and future policy changes. “The website does not know who you are” is only one small part of the privacy question.
So even in the best-case version, this is still dangerous because it normalizes the idea that access to lawful online content should depend on credentials issued inside a centrally governed identity ecosystem. Today it is age verification. Tomorrow it is broader permissioned access to the internet. That is why I do not see this as a decent compromise, but as infrastructure for future control.
The skepticism is very understandable. It is important to scrutinise solutions like this to make sure that they indeed do as they say they do, and to make sure the government doesn’t overreach with their authority.
That said, it should also be possible for laws to be enforced, and there are laws on the books that are supposed to prevent children from accessing things they we as a society have agreed they have no business accessing (alcohol, tabacco, porn, and increasingly commonly social media)
Currently there is no good method to actually enforce those laws on the internet, so there needs to be a solution for that.
I think this form of age verification may be a decent compromise between privacy and the need to enforce these existing laws.
The problem is that different societies have different lists of things that they deem children shouldn’t access (or in some cases, citizens in general). For instance, conservative-leaning U.S. states are increasingly labeling any and all LGBTQ content as being unsuitable for children, furthering their indoctrination against a persecuted minority group.
Parents are in the wrong for preventing their children from accessing content depicting LGBTQ perspectives, and age verification tools in such markets are likely to be designed with the express intent of blocking access to LGBTQ content for minors by default.
I think the disagreement comes from treating “we have laws” as automatically meaning “we must enforce them everywhere at any cost.” The method matters. This approach flips the burden of proof by treating everyone as a minor unless they prove otherwise. That is a pretty extreme shift from how things normally work in the real world.
We also shouldn’t pretend this actually solves the problem. Kids got access to adult magazines before, and they will get access now through a parent’s phone, shared devices, or older friends. If that’s the target, this kind of system is mostly symbolic while adding friction and control for everyone else.
And more importantly, it normalizes something much bigger. Once you accept that accessing legal content requires proving attributes through some approved system, it becomes very easy to expand that logic. Today it’s age. Tomorrow it can be anything else.
So I don’t see this as a balanced compromise. It’s a disproportionate response to an enforcement gap, with long-term consequences that go way beyond the original problem.
I don’t think laws should be enforced at any cost, but if we can reasonably enforce laws I think there is a duty to do so.
Then there is also a different question of whether we agree with the laws on the books, but that is a different matter imo. Personally I don’t think we should limit access to pornography as strictly as the laws says we should, and I don’t think the ills of social media are solved with a simple age limit.
But that is a separate discussion from the implementation of a (in my eyes) reasonable approach to age verification
I don’t think it’s entirely a separate issue, because how a law is enforced is part of evaluating whether it makes sense in practice.
If a law can only be enforced by treating everyone as a minor until proven otherwise, that’s a strong signal that the law, or at least its scope, may be flawed.