HN Debrief

What we call "age verification" is actually mass surveillance

  • Privacy
  • Regulation
  • Security
  • Infrastructure
  • AI

The post says the phrase "age verification" hides what is really being built: systems that force people to prove identity or adulthood before accessing ordinary online services, which creates a durable trail of who did what online. The core claim is not that protecting kids is fake in every case, but that the political and commercial path of least resistance leads to broad surveillance, outsourced to ID-check vendors, app stores, device makers, and governments.

Treat age checks as an infrastructure decision, not a feature request. If your product could be pulled into this regime, push early for client-side parental controls and content labeling, because once identity and device attestation become the default, open platforms and anonymous access get much harder to defend.

Discussion mood

Strongly negative and distrustful. Most commenters saw age verification as a Trojan horse for surveillance, censorship, and platform lock-in, with a smaller but real minority arguing that child-safety harms are serious and that imperfect, privacy-preserving or parent-controlled systems are still worth pursuing.

Key insights

  1. EU wallet designs still leak linkage

    Walking through the EU digital identity wallet flow made the privacy problem concrete. Even when a site only asks for an "over 18" claim, the credential often carries device-bound material, provider involvement, or issuer refreshes that can create stable identifiers, timing correlations, or collusion points. Single-use credentials reduce one problem but open another, because whoever issues the batch can still know which wallet requested it and a verifier can line that up later. That shifts the debate from "can crypto do this" to "who can correlate the operational exhaust."

    Do not accept "attribute only" claims at face value. Ask whether the design leaks a stable key, requires an online provider, or creates issuance logs that can later be joined with verifier records.

      Attribution:
    • Aaargh20318 #1 #2
    • Aurornis #1
    • pseudalopex #1
    • jcgl #1
    • MyMemoryfails #1
  2. Content labeling beats identity checks

    A cleaner design emerged from the comments: make sites and apps declare what kind of content they contain, then let the client enforce parental policy locally. That preserves the parent or device owner as the decision maker and keeps websites from querying personal traits at all. People noted that this is not a new fantasy. Variants like RTA and ICRA already existed, and TV-style rating systems show the governance pattern is familiar even if adoption has been weak.

    If you need to support child safety, push for metadata about content rather than metadata about users. That keeps compliance work on classification and controls instead of building identity rails into your product.

      Attribution:
    • mindslight #1 #2
    • drdexebtjl #1
    • autoexec #1
    • choo-t #1
    • AnthonyMouse #1
  3. Open computing loses to attestation

    Several commenters drilled into the hidden platform consequence of "privacy-preserving" age checks that rely on secure enclaves and remote attestation. Once proof must come from approved hardware and approved software, rooted phones, Linux desktops, custom browsers, and alternative mobile operating systems get treated as suspicious or unsupported. The surveillance story is bad enough, but this is also an industrial policy story where Apple and Google become gatekeepers for basic access to lawful content.

    Watch for child-safety requirements that quietly require attested clients. They can become a back door mandate for closed platforms even when the law never says "ban Linux" out loud.

      Attribution:
    • Wowfunhappy #1
    • drnick1 #1
    • microtonal #1
    • palata #1
    • AnthonyMouse #1
  4. Imperfect enforcement may be the only safe kind

    The most pragmatic pro-implementation argument was that age controls should work like offline vice rules. Scratch cards, single-use codes, or other shareable tokens are not airtight, and that is exactly the point. Once a scheme tries to stop all sharing and all circumvention, it tends to demand identity linkage and surveillance. A system that can be bypassed with effort may still change defaults, reduce casual access, and avoid treating every adult as a suspect.

    When evaluating policy, reject requirements framed around total effectiveness. The demand for perfect enforcement is what turns a limited gate into a surveillance system.

      Attribution:
    • john_strinlai #1 #2
    • sdeframond #1
    • palata #1
    • triceratops #1
  5. Social media is now civic infrastructure for kids

    One practical wrinkle was that social media is not just entertainment anymore. Sports teams, youth groups, and local organizations increasingly use Instagram or Facebook as their communication layer, which means age-gating those services can spill into ordinary participation in school and community life. That makes the policy broader than porn access and exposes how much basic coordination has been outsourced to ad-driven consumer platforms.

    If your organization serves families or communities, stop relying on mainstream social platforms as the only coordination channel. Email, text, or dedicated tools reduce the pressure to force minors onto age-gated services.

      Attribution:
    • krupan #1
    • al_borland #1
    • asdff #1
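The linkage question raised under "EU wallet designs still leak linkage" can be checked mechanically during a design review. The sketch below is an added example, not code from the post or from any wallet implementation; the record fields (`wallet`, `credential_ids`, `device_key`, `site`) and all values are a constructed, simplified model and do not reflect the EU wallet's actual data format.

```python
from collections import defaultdict

# Constructed sample data: every identifier below is made up for illustration.
# Issuer log: which wallet requested which batch of single-use credentials.
ISSUANCE_LOG = [
    {"wallet": "wallet-A", "credential_ids": ["c1", "c2", "c3"]},
    {"wallet": "wallet-B", "credential_ids": ["c4", "c5"]},
]
# Verifier logs: each presentation discloses only "over_18", yet the verifier
# also sees the credential id and the device-bound key that signed the proof.
# wallet-A reuses one key; wallet-B uses a fresh key per credential.
VERIFIER_LOG = [
    {"site": "site-1", "credential_id": "c1", "device_key": "k-A", "claim": "over_18"},
    {"site": "site-2", "credential_id": "c2", "device_key": "k-A", "claim": "over_18"},
    {"site": "site-1", "credential_id": "c4", "device_key": "k-B1", "claim": "over_18"},
    {"site": "site-3", "credential_id": "c5", "device_key": "k-B2", "claim": "over_18"},
]

def linked_by_stable_key(verifier_log):
    """Return device keys seen at more than one site: cross-site identifiers."""
    sites = defaultdict(set)
    for rec in verifier_log:
        sites[rec["device_key"]].add(rec["site"])
    return {key: sorted(s) for key, s in sites.items() if len(s) > 1}

def linked_by_issuance_join(issuance_log, verifier_log):
    """Join issuer and verifier records on credential id (the collusion case)."""
    owner = {cid: e["wallet"] for e in issuance_log for cid in e["credential_ids"]}
    visits = defaultdict(set)
    for rec in verifier_log:
        wallet = owner.get(rec["credential_id"])
        if wallet is not None:
            visits[wallet].add(rec["site"])
    return {wallet: sorted(s) for wallet, s in visits.items()}

if __name__ == "__main__":
    print("stable key linkage:", linked_by_stable_key(VERIFIER_LOG))
    print("issuance join:", linked_by_issuance_join(ISSUANCE_LOG, VERIFIER_LOG))
```

In this model wallet-B's per-credential keys defeat the stable-key check, but the issuance join still recovers its site list, which is the "who can correlate the operational exhaust" problem in concrete form.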

Against the grain

  1. Child harm is real, not just pretext

    A minority pushed back on the idea that this is only about control. They argued that constant exposure to pornography, predatory contact, and manipulative feeds is a genuine policy problem, and that leaving all filtering to parents has not worked because platforms actively undermine those controls. From this view, making providers share responsibility is legitimate even if many current implementations are bad.

    Do not dismiss the underlying child-safety case if you want credibility in this debate. Separate opposition to surveillance-heavy implementations from denial that online products can harm minors.

      Attribution:
    • gampleman #1 #2
    • CPLX #1
  2. Surveillance outrage is selective

    A few commenters argued that people reserve their privacy absolutism for porn and age-gated sites while tolerating far worse tracking from ad tech, smartphones, cars, financial systems, and AI companies. That does not redeem age verification, but it does expose a weak flank in the anti-AV posture. If the objection is really mass surveillance, it should also be aimed at the broader commercial stack already profiling users every day.

    If privacy is the principle, apply it consistently. Tie opposition to age verification to a wider program against surveillance capitalism or the argument will look situational.

      Attribution:
    • palata #1 #2
    • pseudalopex #1
  3. Client-side controls are easy to bypass

    Even some people who liked browser or OS level controls warned that the bypass story is being understated. Custom browsers, app installs, and kid-to-kid workaround sharing can spread fast. One teacher noted that elementary school students already route around school restrictions in creative ways. That does not kill the model, but it does puncture the idea that local controls are a nearly complete answer.

    Do not oversell parental-control architectures as a solved technical fix. Plan for circumvention, and sell them as friction and policy tools rather than hard barriers.

      Attribution:
    • tarentel #1
    • cogman10 #1
    • Wowfunhappy #1 #2

In plain English

EU
European Union, the political and economic bloc of European countries that creates shared laws and standards.
ICRA
Internet Content Rating Association, a system for websites to self-label content for filtering and parental control tools.
Linux
A family of open source operating systems commonly used on servers, desktops, and embedded devices.
remote attestation
A process where a device proves to a remote service what hardware and software it is running, so the service can decide whether to trust it.
RTA
Restricted to Adults, an older web labeling standard for marking adult content so filters and parental controls can react to it.
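The "metadata about content rather than metadata about users" design from the content-labeling insight, using the RTA label defined above, can be sketched as a purely local check. This is an added example, not code from the post or from RTA; the `profile` dictionary, the function names and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser

RTA_LABEL = "RTA-5042-1996-1400-1577-RTA"  # label string published by RTA

# Constructed sample pages (not taken from any real site).
LABELED_HTML = ('<html><head><meta name="RATING" '
                'content="RTA-5042-1996-1400-1577-RTA" /></head></html>')
UNLABELED_HTML = "<html><head><title>news</title></head></html>"

class MetaRating(HTMLParser):
    """Collect the content of every <meta name="rating"> tag."""
    def __init__(self):
        super().__init__()
        self.ratings = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("name", "").lower() == "rating":
            self.ratings.append(attr.get("content", "").strip())

def is_labeled_adult(headers, html):
    """True if the site self-declares adult content via header or meta tag."""
    for name, value in headers.items():
        if name.lower() == "rating" and RTA_LABEL in value.upper():
            return True
    parser = MetaRating()
    parser.feed(html)
    return any(RTA_LABEL in r.upper() for r in parser.ratings)

def decide(profile, headers, html):
    """Local policy decision: the site learns nothing about the user."""
    if profile.get("restricted") and is_labeled_adult(headers, html):
        return "block"
    return "allow"  # unlabeled content passes: coverage depends on adoption

if __name__ == "__main__":
    child = {"restricted": True}   # hypothetical parent-configured profile
    print(decide(child, {}, LABELED_HTML))
    print(decide(child, {}, UNLABELED_HTML))
```

The decision uses only the response and a device-local profile, so no user attribute is sent to the site; an unlabeled page is allowed, which is the weak-adoption gap the discussion notes.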

Reference links

Standards and specifications

  • AAMVA 2020 DL/ID Card Design Standard
    Used to explain what data is encoded in North American driver license barcodes and how stores scan them.
  • RTA Label
    Cited as an existing web content labeling system that could support parental controls without identity checks.
  • ICRA for webmasters
    Another older content rating system mentioned as precedent for client-side filtering.
