Mullvad’s post is a warning shot against the current wave of age-verification laws aimed at social media and adult content. The core claim is simple. Once a service has to know whether you are old enough, it often ends up knowing who you are. That breaks anonymous access, chills speech, and creates fresh surveillance infrastructure that governments and platforms will be tempted to reuse. The article does acknowledge zero-knowledge proof approaches, especially the European Union’s pitch for privacy-preserving age verification, but argues that the real systems being deployed still tend to preserve a fallback to identity-based checks and normalization of account-linked access.
For executives, this is less about child safety than about where trust and control move next: into operating systems, identity providers, and app gatekeepers that can reshape who gets to participate online and on what terms.
Wary and distrustful. Most commenters saw broad age verification as a surveillance risk and a gift to big platforms or governments, but a meaningful minority supported OS-level or privacy-preserving approaches as a pragmatic way to help parents without forcing every site to collect IDs.
01 California’s law appears narrower than the article suggests.
Several commenters pointed out that AB 1043 asks operating systems to collect an age band at setup and expose that bucket to apps, which is closer to parental controls plumbing than identity verification. That reframes the policy question from “should sites scan IDs” to “should devices carry an age signal,” which is a materially different privacy and implementation problem.
Not every age-assurance law is an ID-check law. The real design choice is local device gating versus network-wide identity collection.
02 Parents do not actually have robust tools today, and that vacuum is driving support for bad policy.
People with direct experience said kids bypass device controls, pick up old phones, trade devices, or use friends’ hardware, while mainstream platforms make whitelisting contacts and groups far harder than blocking everything. That experience made some people open to stricter controls, but others argued it strengthens the case for better OS-level controls and signed local attestations rather than selfie checks and passport uploads to random vendors.
Weak parental tooling is the opening that turns a product-design failure into a surveillance policy fight. Fix the control plane upstream or someone else will centralize it for you.
03 The more convincing case against the status quo was not “save anonymity at all costs” but “platforms created this mess and now want others to absorb the cost.
” Commenters described social apps as intentionally hostile to parental oversight, optimized for engagement, and happy to profit from children until regulation arrives. Some went further and said the cleanest fix is to attack the business model itself by banning or pricing out ad-funded algorithmic social media, which would reduce both child exposure and the need for identity-heavy enforcement.
Age checks are a downstream patch on a broken incentive system. If the business model stays intact, expect more control layers and little real improvement.
04 A recurring technical alternative was to label content and let clients enforce policy locally.
Commenters revived older ideas like content-rating headers, browser or OS age flags, and parent-controlled filters, arguing that the web already has architectural room for machine-readable age metadata without universal identification. The interesting part was not nostalgia. It was the claim that lawmakers are skipping simpler decentralized mechanisms in favor of systems that consolidate leverage in platforms, operating systems, or states.
There are lighter-weight technical patterns than identity verification. The fact they are not the default tells you this fight is partly about control, not just child safety.
01 Some people argued the privacy panic is obscuring a legitimate child-safety problem.
Their view was that the internet should not be treated as magically exempt from age-gated rules that already exist for alcohol, pornography, and other harmful products, and that parents alone cannot realistically police a networked environment their children inhabit through peers, schools, and countless devices. This does not endorse broad surveillance, but it does reject the idea that “just parent better” is a serious policy answer.
The strongest pro-regulation case is not censorship. It is that society already age-gates harmful environments and the online world should not get a free pass.
02 A few commenters said privacy-preserving age verification is technically real and should not be dismissed as impossible theater.
They pointed to zero-knowledge proof style systems and issuer-signed age tokens that can prove “over 18” without revealing identity, provided issuers, storage, and token reuse rules are designed correctly. The challenge is political and operational trust, not a missing cryptographic primitive.
The hard part may be governance, not math. If the implementation is honest, privacy-preserving age proofs are feasible.
03 Another dissenting line was that people are over-romanticizing the current internet.
On this view, the open web has already been replaced by giant log-in silos, algorithmic feeds, and TV-like slop, so refusing any regulation in the name of a “free internet” mostly protects a status quo that is already degraded. That does not make bad implementations good, but it does weaken the argument that current norms are worth preserving untouched.
Defending the current internet as inherently free is strategically weak. Many users already experience it as controlled, commercial, and closed.