Latest news with #Persona
Gulf Insider
2 days ago
- Gulf Insider
The Era Of Online Age Checks Is Here - How Does It Work?
In the United States, at least 24 states have already passed laws requiring pornography sites to verify users' ages, according to the Age Verification Providers Association. A handful of countries, including Germany, France, Australia, and Ireland, have implemented age verification to access specified content, from social media access to pornography. At the end of July, the UK rolled out the most comprehensive national system so far. How does age verification work in practice? What are the loopholes? And how might it reshape the internet? Here's what the experts say. Age‑verification systems range from uploading a photo of an identification such as a driver's license to advanced biometric scans. The Age Verification Providers Association lists several approved methods for age checks, including mobile phone account verification, credit database matching, transactional records, and digital ID apps. Some platforms ask users to upload a government‑issued ID, while others rely on mobile phone account data, banking or credit records, or digital ID apps to confirm age. Increasingly, sites are turning to biometric solutions, such as facial analysis that estimates age from a selfie or a brief movement check. Reddit, for example, uses the third‑party service Persona to verify either an ID or a live selfie, while Discord relies on k‑ID, which confirms age by analyzing facial movements. X combines internal account signals with optional ID checks. Porn sites like Pornhub offer a mix of options, such as requiring a photo ID or running a credit card check before users can view sexually explicit material. Mary Ann Miller, vice president and fraud adviser at Prove, a digital identity verification platform, said that age verification will become more standard and required over the next 24 months. Miller said that simpler methods include uploading a government-issued ID that is sometimes checked for authenticity or a selfie taken to ensure identity accuracy and that the person is alive. 'Other methods use solutions that leverage technology that uses the phone as a proxy for our identity since we have them with us 'all the time' and determine the assurance and trust of the person presenting information or attesting their age or attesting for a child's age as part of parental consent,' she told The Epoch Times by email. 'Other methods include age estimation from facial recognition or other data sources.' In terms of which methods are most reliable, Miller pointed to those that 'can use passive techniques to determine identity assurance first, then age verification as part of an identity flow.' Passive identity assurance techniques verify a user's identity without requiring the user to actively perform actions—such as entering a password or scanning a fingerprint—by using data already available to infer age, including credit cards, IP addresses, or other information. Businesses in the near future will have to overhaul their age‑verification systems to meet stricter standards, rather than relying on low‑accuracy or patchwork identity checks. 'What has taken many businesses by surprise is that when they try to apply age verification with low-accuracy identity checks or the absence of identity checks, they have to 'go back to the drawing board' on both aspects,' she said. Biometric age estimation can be conducted using facial analysis. Other methods include voice blueprints, gestures, and keystrokes (how you type). These methods are currently less well-developed than facial analysis but are progressing quickly. Derek Jackson, chief operations officer and cofounder of Cyber Dive, a tech company founded with the mission of keeping children safe online, told The Epoch Times by email that facial biometrics are 'newer but catching on quickly.' 'They estimate your age by analyzing your facial features, cheekbones, eye spacing, skin tone, in real time,' Jackson said. 'Voice biometrics and keystroke patterns are even newer. They try to match your unique patterns, your voice pitch, how fast or slow you type to known age profiles.' He said that facial recognition is growing quickly because 'it's simple, fast, and surprisingly effective.' Users remain wary about sharing personal data online, especially government IDs or biometrics. Denis Vyazovoy, chief product officer of AdGuard VPN, said that some platforms attempt to be more privacy-aware by, for example, not permanently storing selfies or ID documents or keeping data for just seven days. 'But even with such reassurances, trust is low,' he told The Epoch Times by email. 'Even though platforms claim that facial data or ID scans are not stored long-term, people remain wary, and rightfully so. The truth is, any method that requires biometric data, government ID, or sensitive financial information introduces serious privacy risks.' The UK's Online Safety Act does not mandate a single method of age verification. The UK's tech regulator Ofcom, which is in charge of policing the law, just requires companies to implement highly effective age assurances. The law focuses on keeping under‑18s out of adult spaces but does not tell companies how to achieve this goal, leaving firms to choose their own verification systems as long as they are 'highly effective.' But failure to implement a system can result in financial penalties of up to 10 percent of a service's qualifying worldwide revenue, or 18 million pounds ($23.9 million), whichever is greater. The Online Safety Act is a UK-specific law, but it affects U.S. and global companies with no legal presence in the country.
Tom's Guide
4 days ago
- Business
- Tom's Guide
Can you trust age verification agencies with your data?
Since the Online Safety Act (OSA) went into force in the UK on July 25, 2025, experts have expressed a range of concerns about the security implications of the law. The act requires social media platforms and sites that host adult material to confirm the age of users before they are able to access content that may be unsuitable for under-18s. Many sites and platforms have partnered with specialist third-party agencies that handle the processing of personal information provided by users to confirm their ages. The best VPNs have seen a huge spike in sign ups in the UK as people attempt to bypass age verification checks. Many users are worried about the possibility of their information being stored, shared, or used for purposes such as AI training. Given the sensitivity of this information, which can include ID scans, email addresses, phone numbers, and identifying photographs, it's a reasonable concern. This is compounded by the act's stipulation that checks should be "accurate, robust, reliable and fair," but without specifying that data should be stored securely. So, it's up to the third parties employed by these platforms to handle your sensitive data appropriately. Here's what some of the leading age verification agencies say about how they handle user data. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Yoti provides identity and age verification services and offers a digital ID platform. It can check ages via facial age estimation, ID verification, credit card checks, database checks, email age estimation, and mobile phone provider checks. In its privacy policy, Yoti states, "For most age-checking methods, the data is deleted as soon as the check is complete." This applies to images and credit card information, among other details. The only information supplied to Yoti's client is either your age in years or whether you are above the client's age requirement threshold. Where a third-party provider is involved in the process, however, they can retain the information for considerably longer. In the case of mobile provider checks, they may retain a record for up to two years. In addition, the client can extend the time given to Yoti to run checks to up to 28 days, during which the firm will retain your information. Yoti will also retain data when it is required to by law enforcement agencies and regulatory bodies. In terms of security, the provider has SOC 2, ISO 9001:2015, and ISO/IEC 27001:2022 accreditation, certifying that it has robust security systems and that it meets international standards for data security management. All age verification checks are processed within the UK or in US, EU, or UK AWS regions meaning that they fall under GDPR. Persona offers age verification, identity confirmation, and Know Your Customer (KYC) and Know Your Business (KYB) services. It runs checks via selfie age estimation, ID scans, and database checks. The company doesn't have a distinct privacy policy for its age verification service, unfortunately. In addition, Persona's standard privacy policy doesn't give specific details on how long user data is kept, noting that information may be retained for purposes such as dispute resolution. However, Persona does note that it will delete facial geometry scan data either "upon completion of verification or within three years of your last interaction with Persona [depending on the customer's instructions]." The policy includes a long list of third parties that may receive your personal data (including IT services providers, email communication and SMS software providers, ID verification services, mobile device operators, background check providers, consumer reporting services, fraud and identity management providers, and law enforcement). In addition, Persona automatically collects user information, including identifiers and device information, geolocation data, and usage data. The privacy policy also effectively states that your data could be processed in any country in the world. On a positive note, the service is SOC 2 and ISO 27001 certified, testifying to its security credentials. Au10tix (pronounced "authentics") is an identity verification specialist offering KYC, reusable ID, and selfie verification services. It checks the age of users with ID verification, incorporating liveness detection and ongoing authentication. Like Persona, Au10tix doesn't specify how long user data is kept in its privacy policy and notes that it will retain biometric data until the verification process is complete or until three years after the last interaction between the user and Au10tix's customer (when it will remove the information if it is specifically notified), whichever comes first. On the bright side, Au10tix states, "We do not sell, rent, or lease personal data." However, it will share personal data with third party service providers, law enforcement agencies, and others to comply with court orders and warrants. In addition, it will 'keep aggregated non-identifiable information without limitation'. When it comes to security, Au10tix uses SHA-2 and RSA 2048-key encryption and TLS/SSL connections for data in transit. The firm is ISO/IEC 27001:2013 certified, and all data is stored and processed in the EU, the US, the UK, and Israel, whether being handled by Au10tix or third parties. Stripe is a financial services company that offers payment and money management solutions for businesses as well as identity verification functionality. It can scan government IDs from 100+ countries, check information against databases, and use biometrics to confirm the validity of your ID. Stripe states that it "retains biometric data for one year and non-biometric data [including images, IP addresses, and data from your ID documents] for three years, with options for users to opt-out or request deletion of their data." Surprisingly, Stripe's customers can also access all the information that you've submitted, and they can grant permission to others to access your information via the platform. In addition, Stripe may provide access to third parties to assist with identity verification. When handling personal information, Stripe conveys data via TLS-encrypted connections, and it's encrypted with AES-256 while in storage. As a firm handling billions of dollars of payments each year, the company runs annual SOC 1 and SOC 2 Type II auditing, is SOC 3 accredited, and has a range of security certifications specific to the financial services sector. All data processing and storage occurs in the United States. Identity verification firm Incode provides age confirmation with facial age estimation, database checks, and ID validation. In Incode's privacy policy, it states that, as per GDPR, it will only process personal data where it has a legal basis for doing so. However, it doesn't specify any set term limits for the deletion of data. When it comes to biometric data, Incode states that it will retain the information until it has been used or until three years after your last interaction with the customer, whichever comes first. Incode commits not to share opt-in consent or phone numbers, but it may otherwise share personal data with service providers, analytics partners, business partners, law enforcement agencies, courts, and regulatory agencies. The firm is SOC 2 Type II and ISO 30107-3 compliant and has a newly launched vulnerability disclosure program meaning it will let users know if and when security issues are found and dealt with. Data processing occurs in the US and, slightly concerningly, in other unnamed countries. In theory, using a third-party firm that specialises in handling sensitive data means that the information should be handled securely and that it shouldn't be shared with the site or service requesting the verification. While the firms covered here generally have a solid set of security credentials, they will share your data with a variety of third-party service providers and may retain your information for years (or forever in some cases). In addition, while you might expect age verification firms to provide a discreet service, some providers will share your details with their customers and nearly all will generate a considerable paper trail. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
Irish Independent
4 days ago
- Business
- Irish Independent
Telecoms entrepreneur Tony Boyle dies
Mr Boyle was the co-owner of Persona, the company that came second to Denis O'Brien's Esat Digifone consortium in the competition for the licence in 1995. The award was subsequently examined by the Moriarty Tribunal, which concluded in its report in 2011 that Michael Lowry, as minister for communications in 1995, 'secured the winning' of the licence for Mr O'Brien. It also said payments to the then Fine Gael minister had been made or facilitated by the businessman. The tribunal findings were disputed by both men. Persona subsequently launched a legal action against the State, claiming a minimum €500m in damages. It alleged that, because of the 'misfeasance in public office' of Mr Lowry, it had lost out on the licence. The State defended the case and Mr O'Brien joined himself as a defendant. Mr Boyle's consortium had included the ESB and Motorola, then a significant presence in Ireland, along with Telia, a Swedish teleco. It also included Sigma Wireless, of which Mr Boyle was chairman and majority shareholder, alongside his business partner Michael McGinley, the father of former Ryder Cup captain Paul McGinley. Mr Boyle said that at one point Persona had invested well over €10m in the case. It sought permission from the Supreme Court to raise UK finance, but was refused on the basis of a feudal law known as 'champerty'. Ultimately, Mr Boyle did not live to see the outcome of the case, which is still in train over 20 years later. 'The bottom line here is that a government-commissioned inquiry found fundamentally major flaws in the process — effectively that payments were made which influenced the process,' the businessman told the Sunday Independent in 2023. "The Government accepted that report in the Dáil. It never challenged it." Explaining his reasons for seeking outside finance, Mr Boyle described himself and Mr McGinley as 'just two normal Joes', who didn't have the time or resources to take on the State. "I think a nominal settlement would be very acceptable. This is not necessarily a matter of jeopardising the finances of the State. That wouldn't be my objective, or my goal ever. We have obviously spent a lot of money. And we've had a lot of trauma as a result of it. We would start with them accepting the Moriarty report.' Another failed bidder in the competition recently dropped a separate lawsuit against the State. Comcast International Holdings, a US-registered media company, asked the High Court in May to discontinue proceedings which had been ongoing since 2001. Born in Dublin's inner city in 1951, Mr Boyle was educated at O'Connell's School on North Richmond Street, and after his Leaving Cert went to work for Telecommunications, a radio company based in Finglas, at the age of 17. He went on to launch the Motorola business in Ireland, and subsequently ran first the UK and then the European business for the company. In 1991 he formed Sigma Wireless with Mr McGinley, building radio networks for clients which included An Garda Siochana, the ambulance services, the Irish Coastguard, and the Irish Aviation Authority. Sigma also got international contracts from the United Nations to build communications networks for peacekeeping missions overseas. In more recent years, Mr Boyle created the Ireland Portugal Business Network, and from his home in Cascais became its president and chairman. He also worked with Dense Air, a 5G network in Portugal. He was on the executive board of the Dublin Chamber of Commerce for over 20 years, and a director of Ballymun Regeneration Ltd. Mr Boyle is survived by his wife Aoife, son Sé, and daughters Aisling, Jeanne and Anne-Marie.
Irish Independent
4 days ago
- Business
- Irish Independent
Telecoms entrepreneur Tony Boyle dies aged 73
Mr Boyle was the co-owner of Persona, the company that came second to Denis O'Brien's Esat Digifone consortium in the competition for the licence in 1995. The award was subsequently examined by the Moriarty Tribunal, which concluded in its report in 2011 that Michael Lowry, as minister for communications in 1995, 'secured the winning' of the licence for Mr O'Brien. It also said payments to the then Fine Gael minister had been made or facilitated by the businessman. The tribunal findings were disputed by both men. Persona subsequently launched a legal action against the State, claiming a minimum €500m in damages. It alleged that, because of the 'misfeasance in public office' of Mr Lowry, it had lost out on the licence. The State defended the case and Mr O'Brien joined himself as a defendant. Mr Boyle's consortium had included the ESB and Motorola, then a significant presence in Ireland, along with Telia, a Swedish teleco. It also included Sigma Wireless, of which Mr Boyle was chairman and majority shareholder, alongside his business partner Michael McGinley, the father of former Ryder Cup captain Paul McGinley. Mr Boyle said that at one point Persona had invested well over €10m in the case. It sought permission from the Supreme Court to raise UK finance, but was refused on the basis of a feudal law known as 'champerty'. Ultimately, Mr Boyle did not live to see the outcome of the case, which is still in train over 20 years later. 'The bottom line here is that a government-commissioned inquiry found fundamentally major flaws in the process — effectively that payments were made which influenced the process,' the businessman told the Sunday Independent in 2023. "The Government accepted that report in the Dáil. It never challenged it." Explaining his reasons for seeking outside finance, Mr Boyle described himself and Mr McGinley as 'just two normal Joes', who didn't have the time or resources to take on the State. "I think a nominal settlement would be very acceptable. This is not necessarily a matter of jeopardising the finances of the State. That wouldn't be my objective, or my goal ever. We have obviously spent a lot of money. And we've had a lot of trauma as a result of it. We would start with them accepting the Moriarty report.' Another failed bidder in the competition recently dropped a separate lawsuit against the State. Comcast International Holdings, a US-registered media company, asked the High Court in May to discontinue proceedings which had been ongoing since 2001. Born in Dublin's inner city in 1951, Mr Boyle was educated at O'Connell's School on North Richmond Street, and after his Leaving Cert went to work for Telecommunications, a radio company based in Finglas, at the age of 17. He went on to launch the Motorola business in Ireland, and subsequently ran first the UK and then the European business for the company. In 1991 he formed Sigma Wireless with Mr McGinley, building radio networks for clients which included An Garda Siochana, the ambulance services, the Irish Coastguard, and the Irish Aviation Authority. Sigma also got international contracts from the United Nations to build communications networks for peacekeeping missions overseas. In more recent years, Mr Boyle created the Ireland Portugal Business Network, and from his home in Cascais became its president and chairman. He also worked with Dense Air, a 5G network in Portugal. He was on the executive board of the Dublin Chamber of Commerce for over 20 years, and a director of Ballymun Regeneration Ltd. Mr Boyle is survived by his wife Aoife, son Sé, and daughters Aisling, Jeanne and Anne-Marie.
Tom's Guide
4 days ago
- Tom's Guide
From AI training to banning VPNs – here are 8 questions the internet is asking about the Online Safety Act
It's been almost two weeks since the Online Safety Act was introduced in the UK. The law requires websites and apps to conduct age verification checks before allowing users to view content deemed as potentially harmful to under 18s or explicit. Despite the law being well intentioned, people are unhappy at having to hand over sensitive personal information to third-party companies. Many have turned to the best VPNs in an attempt to bypass age verification checks. Supporters and opponents of the law have made their views clear but there are still questions being asked. People are wondering how their data is used and stored, what the risks are, and are even asking if there'll be a VPN ban. We've pulled together some of the most popular questions people are asking and give them our best answer. This is probably a good place to start. The Online Safety Act 2023 is a new law introduced by the UK government which aims to keep children, and adults, safe online. In an explainer, the UK government said "platforms will be required to prevent children from accessing harmful and age-inappropriate content." The main way this is done is through age verification checks. In order to access age-restricted content, users will have to prove they are over 18. This can include submitting photo ID, completing credit card or bank checks, and uploading a live selfie. OFCOM has the power to enforce regulations and fine those found to be breaking the law. Fines may be up to 10% of global revenue or £18 million, whichever is greater. There are numerous privacy and cybersecurity risks posed by the Online Safety Act. Privacy advocates believe the law imposes on people's online freedoms and argue we shouldn't need to hand over our data to browse the web. Cybersecurity experts see it as a "disaster waiting to happen." We're trusting our highly sensitive personal information to third-parties, many of which are not based in the UK. These age check providers store data for different lengths of time but it only takes one to suffer a data breach and risk serious consequences for huge amounts of people – one expert believed this was a matter of when, not if. We fully support the law's goals, but we're not surprised it doesn't cover personal data safety. There must be a balance between protecting vulnerable internet users but not compromising our data privacy and security. The answer varies between providers. Persona, Yoti, and AgeGO are some notable providers. Persona, used by Reddit, says it retains personal data "for as long as necessary to provide the service and fulfill the verification you have requested." But it also says data collection may vary depending on how you use the service and how third-parties implement it. In Reddit's case, the site says Persona doesn't retain your uploaded photo for longer than 7 days. Yoti, which is used by Spotify, says it stores your data for up to 28 days, and doesn't have access to it beyond that. Yoti says some of its clients will configure the service to delete your data as soon as age verification is complete. AgeGO says it does "not access or retain your personal data during the verification process." However it uses third-party providers in the age-check process and only receives the results. Although it improves anonymity, these third-parties are not disclosed so we don't know how they process and store data. This leaves us asking if AgeGO is safe to use. This is a big concern people have and is another question which doesn't have a straightforward answer. AI-powered age estimation techniques are employed by some age-check providers. AI will analyze a picture of your face, or even your browsing habits, to determine whether you're over 18. Age-check providers, including Persona, have said it uses "uploaded images of identity documents" to train its services and enable it to understand what documents and their features look like. Age verification on social media app X is another which utilizes AI-based age estimation, using its own AI systems. Its Age Assurance on X policy doesn't state how its AI systems use this data. However its wider privacy policy states it may use the data it collects "to help train our machine learning or artificial intelligence models." We would therefore exercise caution in uploading your information to providers using AI-based age estimation. By the letter of the law, any site or app hosting adult content must introduce age verification checks and they're present on many popular sites. Reddit and X require age checks, as well as Spotify – something which has baffled people online. There have been complaints of overreach and unintended consequences of the legislation. Reddit users have noted that subreddits discussing sobriety, mental health support, and combating addiction have been impacted. Wikipedia may have to introduce checks and it is fighting the regulations as a result. The BBC reported that information and news reports covering the conflicts in Gaza and Ukraine have also been blocked by age verification rules. Reports of this type of content being blocked is worrying, especially at a time when internet censorship and disinformation is highly prevalent. The UK government has said "platforms should not arbitrarily block or remove content and instead must take a risk-based, proportionate approach to child safety duties." It also said the law is "not designed to censor political debate." It "does not require platforms to age gate any content other than those which present the most serious risks to children." No, the government will not look at any age verification related information you upload. Beyond passing the law, the government has little to no involvement in its day-to-day running or enforcement – and this makes the process quite inefficient. There are multiple age-check providers, requiring multiple proofs of age. You'll likely have to prove your age multiple times as not every site uses the same provider. Some experts, and internet users, believe the UK government should have set up a secure, government-run, age-check system and database. This would be more streamlined and having only one database would reduce the risk of data breaches. Major VPN providers saw a surge in sign ups in the first week of the law's introduction as people searched for ways to avoid age verification checks. The likes of Proton VPN, NordVPN, Opera VPN, and Surfshark – as well as suspect free VPNs – rose up the Apple App Store's top charts. In 2022, Labour MP Sarah Champion proposed an amendment to the Online Safety Act – then still a Bill – which would see OFCOM investigate if VPN use was undermining internet regulations. The amendment didn't pass and on July 28 2025, Champion responded to the news of a UK VPN surge. She said in a tweet she warned the previous government this would happen and "child protection should always be the priority." So frustrating, I did warn the last Government this would happen, but was shut down. Child protection should always be the priority. 😞 28, 2025 The UK's Secretary of State for Science, Innovation and Technology, Peter Kyle, has acknowledged VPN use is rising and would look "very closely" at how they're being used – however, he said he would not ban VPNs. So, it is very unlikely the UK government will ban VPNs. The law is well intentioned. It aims to protect children from seeing content they shouldn't and this can only be a good thing. It can be easy to access harmful content and children shouldn't be able to accidentally access it. However, as we've detailed, the law's implementation has raised serious concerns around data privacy and security. So, while its motives are a good thing, the law risks compromising our safety in other ways. A petition calling on the UK government to repeal the law is approaching 500,000 signatures. The government has said it won't repeal the law and Peter Kyle has said those wanting to overturn it are "on the side of predators." These types of accusations do nothing but widen divisions and fail to recognise the genuine concerns people have regarding their personal information and its safety. We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
