Age verification for social media, the beginning of the end for a free internet?
- Privacy
- Regulation
- Social Media
- Security
- Infrastructure
Mullvad’s post warns that requiring age checks for social media will push the internet from anonymous access toward identity-gated access. It frames this as part of a broader trend where governments and platforms use child safety to justify more surveillance, more centralized control, and less room for pseudonymous speech. The post also points to the EU’s privacy-preserving rhetoric around zero-knowledge proofs, while arguing that real deployments can still fall back to ordinary identity checks and create the same practical outcome. Commenters largely bought the core warning that once age checks become normal, they spread from porn to social media and then outward to more of the web. The sharpest discussion landed on a narrower point though: several people said the article overstates what California’s bill does. In their reading, it does not require operating systems to verify identity. It requires devices to collect an age bucket at setup and expose that to apps, which looks much closer to mandated parental controls than to universal ID checks. That distinction mattered because a lot of people were willing to accept OS-level age flags or content labels as the least bad option, while rejecting app-by-app selfie scans, passport uploads, and third-party verification vendors. Another recurring conclusion was that the real failure came earlier. Platforms made themselves addictive, hostile to parents, and economically dependent on surveillance, then invited regulation by refusing to build usable local controls. That left governments reaching for blunt tools and left users suspicious that companies would happily turn any new rule into more data collection. A smaller but persistent countercurrent said the open web is not dead, only giant platforms are, and the practical response is to self-host more, use smaller communities, and move toward protocols and spaces that do not depend on centralized identity at all.
Treat "age verification" as several different policy designs, not one thing. If this touches your product or policy work, separate privacy-preserving local age signals from identity collection schemes and watch the implementation details, because that distinction is where the real fight is.
-
mullvad.net
- Discuss on HN