Ready or not, age verification is rolling out across the internet
Following a yearslong political push to make the internet safer for kids, age verification has started seeping into online spaces across the globe. Lawmakers in the US, Europe, Australia, and elsewhere have all passed age-gating rules, and platforms have begun to comply. The likely methods for verification are similar to those in the UK. Platforms typically ask users to either enter a payment card, upload a government-issued ID, take a selfie, or allow a platform to use their data (like account creation dates and user connections) to 'estimate' their age. Most rely on third-party services: Bluesky uses the Epic Games-owned Kids Web Services; Reddit is working with Persona; and Discord has partnered with k-ID.
The outcome so far is an assortment of online services handling sensitive user information — a 'privacy nightmare,' says Cody Venzke, senior policy counsel at the American Civil Liberties Union. 'There is no standardization of how age verification is supposed to take place.'
Some age verification platforms promise to erase your data after a certain period of time, like the seven days that Persona says it will keep the information used to verify your age on Reddit. But there's no guarantee every service will do this, and there are still massive security risks given how common data breaches have become. Last year, a security researcher found that AU10TIX — an identity verification solution used by TikTok, Uber, and X — left user information and driver's license photos exposed for months, 404 Media reported.
Governments are plowing toward the future of an age-gated internet
'When uploading your ID ... you are handing it over to a third party,' Venzke says. 'You're going to take their word that they're going to delete it or remove it after they're done using it.'
Despite these potential pitfalls, governments are plowing toward the future of an age-gated internet anyway. In addition to a crackdown in the UK, the European Union is hurdling toward a broad rollout of digital IDs, Australia is age-gating search engines, and users in many US states need IDs to access porn sites.
Age verification was long viewed as unconstitutional in the US, but the Supreme Court overturned that precedent earlier in 2025, concluding 'adults have no First Amendment right to avoid age verification' if it's meant to protect underage users from 'obscene' content. Several states, including Alabama, Idaho, Indiana, Kentucky, North Carolina, and Texas, have implemented laws requiring verification measures on adult websites. Some have tried to extend this to social media or app stores as a whole, but so far, they've failed — lawsuits filed by NetChoice, a technology trade group backed by Google, Meta, X, Amazon, Discord, and other tech giants, have successfully blocked bills in California, Arkansas, Georgia, Ohio, and Florida.
As in the UK, there's no guarantee against privacy and security breaches for states with age verification laws, and there's little standardization in this bevy of rules. Efforts in the US also coincide with escalating government digital surveillance and attempts to declare expressions of LGBTQ sexuality, like drag shows, as obscene, raising the risks of handing over personal data even further.
Not all age verification efforts entrust users' privacy to third-party services with a host of different methods. The EU is trialing not only age-gating requirements, but also government-managed digital IDs. It has started testing an age verification system prototype designed to 'bridge the gap' before digital IDs arrive by the end of next year. The solution will allow users to upload their passport or government ID card to a government-built system, which then generates a 'proof of age attestation' that is passed to sites. Sites can also use the customer identification methods employed by banks and mobile carriers. The goal is that users can upload sensitive information to a single system that can be held to a high privacy standard and is simple for sites to use.
Though having a centralized age verification solution may prevent users from having to pass their information through multiple verification services, plenty of questions remain regarding surveillance and accessibility. Aside from the ever-present possibility of data breaches, digital IDs may also restrict undocumented individuals from accessing content online. And, without the proper safeguards, digital identity systems may still 'phone home' to the ID's issuer when a user's age is verified, potentially allowing providers to track online activity.
'If I pull up my ID at the liquor store, the DMV doesn't know that, but with digital identification, there's a potential for that,' says Alexis Hancock, the director of engineering at the Electronic Frontier Foundation (EFF).
Down the line, the EU says it plans to enhance the framework with technology called zero-knowledge proof (ZKP). This is a cryptographic verification method that allows a service to prove something is true or false without revealing any additional information, as outlined by the EFF. That means an app could verify that a user is over the age of 18 without disclosing their exact birthdate. Google has already built a ZKP system into Google Wallet and has since open-sourced the technology, which it's encouraging EU members to adopt.
Even with ZKP in place, Hancock says that there are still concerns about what sites and apps can ask for information about a user's age. 'I haven't seen anything remotely promising at the moment that actually reels in verifiers in particular,' Hancock says. 'There's not a lot of scope restriction on who can actually ask for this and if it's even needed in some cases.'
Lawmakers and regulators have argued that there are overwhelming benefits to protecting children from harmful content or exploitative social media platforms. Melanie Dawes, the chief executive of Ofcom, the UK's communications regulator, boasted that 'prioritizing clicks and engagement over children's online safety will no longer be tolerated in the UK,' and US lawmakers and regulators have declared porn and social media a public health crisis. 'Putting in place commonsense guardrails that protect our kids from the dangers of social media is critical for their future and America's future,' Sen. Katie Britt said in an announcement about the Kids Off Social Media Act.
While keeping kids safe online is important, this messaging downplays or ignores the ripple effects. Right now, there just isn't any clear-cut way to verify someone's age online without risking a leak of personal information or hampering access to the internet. Until lawmakers stop and think about the bigger picture, everyone's privacy is going to be at risk.
Posts from this author will be added to your daily email digest and your homepage feed.
See All by Emma Roth
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Analysis
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Features
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Policy
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Privacy
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Security
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Speech
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Tech
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Fast Company
an hour ago
- Fast Company
WhatsApp removes 6.8 million accounts linked to scam centers
WhatsApp has taken down 6.8 million accounts that were 'linked to criminal scam centers' targeting people online around the world, its parent company Meta said this week. The account deletions, which Meta said took place over the first six months of the year, arrive as part of wider company efforts to crack down on scams. In a Tuesday announcement, Meta said it was also rolling out new tools on WhatsApp to help people spot scams, including a new safety overview that the platform will show when someone who is not in a user's contacts adds them to a group, as well as ongoing test alerts to pause before responding. Scams are becoming all too common and increasingly sophisticated in today's digital world — with too-good-to-be-true offers and unsolicited messages attempting to steal consumers' information or money filling our phones, social media and other corners of the internet each day. Meta noted that 'some of the most prolific' sources of scams are criminal scam centers, which often span from forced labor operated by organized crime — and warned that such efforts often target people on many platforms at once, in attempts to evade detection. That means that a scam campaign may start with messages over text or a dating app, for example, and then move to social media and payment platforms, the California-based company said. Meta, which also owns Facebook and Instagram, pointed to recent scam efforts that it said attempted to use its own apps — as well as TikTok, Telegram and AI -generated messages made using ChatGPT — to offer payments for fake likes, enlist people into a pyramid scheme and/or lure others into cryptocurrency investments. Meta linked these scams to a criminal scam center in Cambodia — and said it disrupted the campaign in partnership with ChatGPT maker OpenAI.
Fox News
an hour ago
- Fox News
Tea app hacked as women's photos, IDs & even DMs leaked online
Dating sites that bill themselves as discreet and private have often failed to live up to that promise. Take Ashley Madison for example, a dating website specifically marketed to people seeking extramarital affairs, which suffered a massive data breach in 2015. Hackers leaked the data of 32 million users, including personal information, emails, and financial details, leading to public outrage, lawsuits, and reported suicides. Now, a dating safety app called Tea has suffered a breach of its own, compromising selfies, photo identification, and images from posts, comments, and direct messages within the app. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Tea launched in 2023 as a U.S.-based "dating safety" app for women, requiring verification via selfies and government-issued ID. The ID requirement was phased out later that year. The app gained viral momentum in July 2025, reaching the top of the U.S. App Store and accruing millions of users On July 25, users on 4chan discovered a publicly accessible Firebase storage bucket containing data of Tea users (via 404Media). A post reportedly exclaimed: "DRIVERS LICENSES AND FACE PICS! GET THE **** IN HERE BEFORE THEY SHUT IT DOWN!" Tea later confirmed that the breach involved unauthorized access to a legacy database containing approximately 72,000 images, including 13,000 selfies and ID photos, and 59,000 images from posts, comments, and messages. These belonged to users who signed up before February 2024. Tea's leadership issued public statements confirming the image breach and claimed the data came from older systems not migrated to current secure infrastructure. Tea also stated that no email addresses or phone numbers were exposed and that only legacy users were affected. New revelations from independent researcher Kasra Rahjerdi and reporting by 404 Media showed that the breach extended far beyond images as approximately 1.1 million direct messages (DMs) spanning from early 2023 through July 2025 were also exposed. These included highly sensitive conversations about abortions, cheating, phone numbers, meeting info, and more. In response, Tea disabled its DM system and took the affected messaging system offline. The company announced that it found no evidence of intrusion into other parts of its infrastructure. CyberGuy reached out to Tea for comment but had not received a response by the time of publication. The Tea data breach is a nightmare for all of its users, and it just goes on to show how irresponsible companies are while touting privacy. Tea positioned itself as a safe space for women to share intimate experiences and then failed at the single most important promise it made, which is protecting that intimacy. This wasn't just usernames or email addresses. We are talking about government IDs, selfies, and 1.1 million private DMs containing confessions, relationship details, and deeply personal topics like assault and abortions. That's the kind of breach you can't walk back. Once those images and conversations are out in the wild, they are effectively permanent. Tea wasn't a generic social app. It marketed itself as a "dating safety" platform for women, meaning users had a reasonable expectation of higher-than-standard privacy protections. These leaks hit a misogynistic forum first. Victims weren't just exposed, they were immediately subjected to harassment campaigns, doxxing attempts, and having their faces and stories circulated without consent. If you've ever used Tea or even just signed up, it's important to take action now. Here are six steps to help protect your privacy and limit the fallout. If your ID was part of the leak, you're at risk of impersonation, and an identity theft protection service can help you stay safe. These services alert you to suspicious activity like new credit inquiries, account openings, or changes to your financial records, helping you act before the damage spreads. See my tips and best picks on how to protect yourself from identity theft at Leaked selfies or names can end up on people-search sites or shady databases. A personal data removal service can help you remove all this personal information from the internet. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting a free scan to find out if your personal information is already out on the web: Attackers often cross-reference usernames and reused passwords across the internet, even if your login wasn't part of the leak. Updating your passwords and enabling two-factor authentication on all accounts is a basic but crucial defense. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. Check out the best expert-reviewed password managers of 2025 at After high-profile leaks, it's common for victims to receive threatening messages. Don't respond. Don't click links. Report the message and block the sender. If you feel unsafe, contact local cybercrime authorities or a digital rights organization. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Use reverse image search tools like Google Images or PimEyes to see if your face has been posted elsewhere. If you find anything, document it. Report it to the platform and avoid engaging directly with whoever shared it. If you believe your data was mishandled, you can file a complaint with: This adds pressure on the company to take responsibility and may help prevent future misuse of your data. It's an absolute shame that a platform promising privacy and giving women a space to open up didn't put in the effort to protect the data it was holding. If it were any other kind of app, this could still be contained. But one where people share sensitive information puts users in real danger. We're already seeing people harass those whose data was leaked, and it will likely get worse from here. Do you think apps that handle sensitive data should be held to stricter security standards? Let us know by writing us at Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my Copyright 2025 All rights reserved.
Yahoo
an hour ago
- Yahoo
Invenda Group Appoints Bjoern Schuster as New COO to Accelerate Global Expansion
Invenda's leadership team is strengthened by the addition of a seasoned operations executive to drive its next growth phase New appointment will focus on accelerating the global scaling of Invenda's AI-powered automated retail platform Strategic role in driving core business growth, organizational development, and high-level deal-making Alpnach, Switzerland--(Newsfile Corp. - August 6, 2025) - Invenda Group AG, the Swiss software company transforming automated retail, today announced the appointment of Bjoern Schuster as its new Chief Operating Officer. In this newly created position, Schuster will be responsible for scaling Invenda's core business, elevating the company's organizational development to the next level, and driving strategic deal-making to solidify its market leadership further. Bjoern Schuster brings to Invenda a strong background in operational leadership, with a proven track record of scaling businesses and building high-performing teams. His leadership style is known for effectively connecting strategic vision with operational discipline. This method has consistently helped him build scalable systems, enhance team capabilities, and promote sustainable growth, making him an ideal choice to lead Invenda's operational future as the company continues to expand globally. Anton von Rueden, the new CEO of Invenda Group, said: "Bjoern Schuster has an impressive track record of leading technology-driven companies through rapid growth. His extensive experience in building scalable systems and promoting operational excellence will be crucial as we speed up Invenda's international expansion. We are pleased to welcome an expert of Bjoern's caliber to our leadership team." Bjoern Schuster expressed his excitement about the new role: "I have dedicated my career to building and scaling operations for innovative technology companies. Invenda Group is pioneering the future of retail with a truly disruptive approach. The automated retail industry is at a pivotal moment, ready for the kind of groundbreaking changes we've seen in other tech sectors. I look forward to applying my experience to help advance this vision and achieve sustained international success." For more information about Invenda Group's innovative approach to automated retail and partnership opportunities, visit Download high-resolution image material free of charge for media use: About Invenda Group AG Invenda Group AG is a Swiss software company transforming automated retail and digital out-of-home (DOOH) advertising through its proprietary AI-powered platform. Invenda's technology connects and automates networks of smart vending machines, micro markets, and digital screens-enabling operators and brands to optimize operations, access real-time data, and unlock new revenue streams through location-based e-commerce and targeted advertising. Headquartered in Alpnach, Switzerland, Invenda has locations in Berlin, New York, Miami, Hong Kong, Sofia, and Novi Sad. The company supports deployments in 22 countries and partners with global leaders. For more information, please visit: Press Contact Invenda Group AGCorporate CommunicationsJoachim M. GuentertIndustriestrasse 236055 Alpnach, SwitzerlandTel.: +41 (0)44 586 00 33media@ To view the source version of this press release, please visit Sign in to access your portfolio
