The UK's new age-gating rules are easy to bypass
As reports have noted across Reddit, Bluesky, and the comments on The Verge's quick post this morning, many online platforms ask users to verify their age based on their IP address. If the user's IP address doesn't indicate that they're located in the UK — a capability offered by even most free-to-use VPN services — they're free to keep using the web without having their identity checked.
Ofcom didn't specify exactly how it wanted online platforms to verify user ages, only that the methods must be 'strong' and 'highly effective.' Several of the age checkers I've seen offer similar options: users can either choose to confirm their age by uploading bank card information, an image of their government-issued ID, or a selfie used to estimate their age.
It's unclear if those selfie options could be spoofed by simply getting an older-looking friend to complete to process. In my testing of the Bluesky and Reddit face scanners, both were at least unwilling to verify images on my phone that I was holding up to my webcam.
A VPN allows users to bypass age checks entirely, however, and teens are savvy enough to figure that out. I should know, given I was using them at 14 to bypass firewalls on my school computers. And VPNs aren't the only workaround — some ad blockers like uBlock Origin allow users to create custom filters that can bypass age restrictions. Third-party Bluesky apps like Klearsky haven't introduced age checkers yet, and there are more technical solutions that involve installing userscripts and using self-hosted data servers.
If the spike in Brits searching for the term 'VPN' on Google is any indication, word of the loophole is spreading fast.
Posts from this author will be added to your daily email digest and your homepage feed.
See All by Jess Weatherbed
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Analysis
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Law
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Policy
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Social Media
Posts from this topic will be added to your daily email digest and your homepage feed.
See All Tech
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
a minute ago
- Forbes
Audi F1 Team Inks Title Sponsorship Deal With Revolut
Kick Sauber's Gabriel Bortoleto and Nico Hulkenberg before practice at Spa Francorchamps, Belgium. ... More Picture date: Friday July 25, 2025. (Photo by Bradley Collyer/PA Images via Getty Images) The new-look Audi F1 Team, which is taking over Kick Sauber in 2026, has inked a major title sponsorship deal with Revolut. 'With Revolut, we have found a true partner that shares our core ethos of innovation and relentless ambition,' Jonathan Wheatley, team principal of the Audi F1 Team, said in a statement. "This is more than a brand fit; it is a strategic alliance engineered to challenge conventions in motorsport. From 2026, Revolut's digital-first solutions will power key areas of our operations while also redefining how fans and communities engage with our team, delivering a seamless and engaging experience on and off the track.' Revolut, a England-based fintech services firm with over 60 million customers, will make its motor sports sponsorship debut with this partnership. The firm stated that its goal with the partnership is to accelerate its consumer base to 100 million customers. The new Audi F1 Team has inked a title sponsorship with Revolut. 'This is a monumental partnership for Revolut and the future Audi F1 Team,' Nik Storonsky, CEO, Revolut, said. "We're accelerating towards 100 million customers, and we'll be bringing them into Formula 1 with unforgettable experiences at a pivotal time for the sport. As Revolut continues to challenge the status quo in global finance, the future Audi F1 Team is set to do the same in motorsport. With a shared outlook, global ambition and relentless drive for progress, this partnership will define what's possible in Formula 1.' Audi F1 Team will keep Kick Sauber's current driver lineup of Nico Hülkenberg and Gabriel Bortoleto. The new team will have its engine headquarters in Germany, with the racecar continuing to be designed at Sauber's Switzerland facility. Audi originally announced it was entering Formula 1 as a powerhouse in 2026, but it later announced it would completely takeover the Sauber team as it aquired a stake in the brand. Kick Sauber currently sits sixth in the constructor standings with 43 points. Hulkenberg recently scored a podium at Silverstone, his first podium ever in 14 years in Formula 1.
CNET
7 hours ago
- CNET
The Tea App Data Breach: What Was Exposed and What We Know About the Class Action Lawsuit
Tea, a women's dating safety app that surged to the top of the free iOS App Store listings, suffered a major security breach last week. The company confirmed Friday that it "identified authorized access to one of our systems" that exposed thousands of user images. And now we know that DMs were accessed during the breach, too. Tea's preliminary findings from the end of last week showed the data breach exposed approximately 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages. Those images had been stored in a "legacy data system" that contained information from more than two years ago, the company said in statement. "At this time, there is no evidence to suggest that current or additional user data was affected." Earlier Friday, posts on Reddit and 404 Media reported that Tea app users' faces and IDs had been posted on anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver's licenses and pictures of people's faces are in the leaked data. And on Monday, a Tea spokesperson confirmed to CNET that it additionally "recently learned that some direct messages (DMs) were accessed as part of the initial incident." Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher discovered it would have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app. Tea said it has launched a full investigation to assess the scope and impact of the breach. Class action lawsuit filed One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged "failure to properly secure and safeguard ... personally identifiable information." "Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea's users based on metadata contained from the leaked images," the complaint alleges. "Thus, instead of empowering women, Tea has actually put them at risk of serious harm." Tea also has yet to notify its customers personally about their data being breached, the complaint alleges. The complaint is seeking class action status, damages for those affected "in an amount to be determined" and certain requirements for Tea to improve its data storage and handling practices. Scott Edward Cole of Cole & Van Note, the law firm representing Reyes, told CNET he is "stunned" by the alleged lack of security protections in place. "This application was advertised as a safe place for women to share information, sometimes very intimate information, about their dating experiences. Few people would take that risk if they'd known Tea Dating put such little effort into its cybersecurity," Cole alleged. "One chief goal of our lawsuit is to compel the company to start taking user privacy a lot more seriously." Tea did not immediately respond to a request for comment on the class action lawsuit. What is the Tea app? The premise of Tea is to provide women with a space to report negative interactions they've had while encountering men in the dating pool, with the intention of keeping other women safe. The app is currently sitting at the No. 2 spot for free apps on Apple's US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men's privacy. Following the news of the data breach, it also plays into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users. In the privacy section on its website, Tea says: "Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable."
CNET
9 hours ago
- CNET
The Tea App Data Breach: What Was Exposed and What to Know About the Class Action Lawsuit
Tea, a women's safety dating app that surged to the top of the free iOS App Store listings, suffered a major security breach last week. The company confirmed Friday that it "identified authorized access to one of our systems" that exposed thousands of user images. And now we know that DMs were accessed during the breach, too. Tea's preliminary findings from the end of last week showed the data breach exposed approximately 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages. Those images had been stored in a "legacy data system" that contained information from more than two years ago, the company said in statement. "At this time, there is no evidence to suggest that current or additional user data was affected." Earlier Friday, posts on Reddit and 404 Media reported that Tea app users' faces and IDs had been posted on anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver's licenses and pictures of people's faces are in the leaked data. And on Monday, a Tea spokesperson confirmed to CNET that it additionally "recently learned that some direct messages (DMs) were accessed as part of the initial incident." Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher discovered it would have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app. Tea said it has launched a full investigation to assess the scope and impact of the breach. Class action lawsuit filed One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged "failure to properly secure and safeguard ... personally identifiable information." "Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea's users based on metadata contained from the leaked images," the complaint alleges. "Thus, instead of empowering women, Tea has actually put them at risk of serious harm." Tea also has yet to notify its customers personally about their data being breached, the complaint alleges. The complaint is seeking class action status, damages for those affected "in an amount to be determined" and certain requirements for Tea to improve its data storage and handling practices. Tea and Cole & Van Note, the law firm representing Reyes, did not immediately respond to requests for comment on the class action lawsuit. What is Tea? The premise of Tea is to provide women with a space to report negative interactions they've had while encountering men in the dating pool, with the intention of keeping other women safe. The app is currently sitting at the No. 2 spot for free apps on Apple's US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men's privacy. Following the news of the data breach, it also plays into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users. In the privacy section on its website, Tea says: "Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable."
