Age verification will turn the internet into a surveillance checkpoint

Age verification is turning online access into identity checks that weaken anonymity and privacy.

The push for age verification will decimate online privacy by forcing identity checks into ordinary internet use.

Age checks are not a narrow safety tool

Supporters of age verification frame it as a modest fix for a real problem: children can stumble into harmful content, and platforms have often done too little to stop it. That framing is too neat. In practice, the policy does not simply ask whether a user is old enough. It asks a platform to know who a user is, or to route that user through a third party that knows who they are. That is a profound change in the architecture of speech online.

Australia shows the gap between the promise and the result. Its under-16 social media ban, launched in December 2025, was supposed to keep young users off major platforms. Government research later found that roughly seven in 10 kids were still using social media, and a British Medical Journal study found little evidence of an immediate substantive drop in reported use among under-16s. In other words, the policy has already imposed new identification demands without delivering the safety benefit it advertised.

Verification systems create a new privacy supply chain

The real danger is not only that platforms collect more data. It is that age assurance creates a new chain of custody for extremely sensitive information. Users may be asked for a face scan, a government ID, or a banking connection, and then handed off to a verification vendor they have never heard of. Once that data leaves the platform, the user has to trust the platform, the vendor, the vendor’s jurisdiction, and the vendor’s security practices.

That trust is not theoretical. Before Australia’s ban even took effect, Discord suffered a breach tied to its age-assurance complaints process, exposing government ID images, names, usernames, email addresses, and some billing data for nearly 70,000 Australians. Australia also warned that age verification could invite phishing attempts, since scammers can exploit confusion around the process. The lesson is simple: when you build a system that requires people to hand over identity documents to participate in public life, you also build a system worth attacking.

Profiling speech changes speech

Age verification does more than collect data. It changes behavior. If a platform can infer your age from existing records, or if it must classify you through a verification process, then it is profiling you before you speak. That matters because anonymity is not a luxury feature of the internet. It is what lets people discuss abuse, addiction, illness, politics, and other vulnerable subjects without first asking a corporation or government to certify their identity.

The Australian Human Rights Commission captured the core problem: even when users are not sent through a separate check, the platform still uses what it already knows about them to make the call. That means the system is not really about access control for a small group of minors. It is about normalizing identity-based participation. Once that norm is in place, the chill is unavoidable. People speak differently when they know they are being sorted, tracked, and retained.

The counter-argument

The strongest defense of age verification is that children really are exposed to harmful material online, and lawmakers have a duty to act when platforms fail to protect them. That concern is legitimate. Parents cannot manage every feed, every app, or every algorithmic recommendation, and years of voluntary promises from tech companies have not solved the problem.

Advocates also argue that better verification can be designed with privacy in mind. Data can be destroyed after use, vendors can be audited, and platforms can rely on age signals rather than full identity documents. On this view, the answer is not to reject age checks outright but to improve them until they are safer.

That rebuttal fails because the core mechanism is the harm. A system that determines whether someone may speak by requiring identity proof is not a privacy-preserving side project, it is a surveillance architecture. Even if some vendors minimize storage, the model still expands data collection, creates breach and phishing risk, and invites governments to widen the scope over time. The Australian experience already shows how fast that logic spreads, and the UK’s interest in age-gating VPNs shows where it leads next: more control, less anonymity, and more pressure on everyone who wants to use the internet without presenting papers.

What to do with this

If you are an engineer, build for age-appropriate design without creating identity traps: minimize data collection, avoid ID-based gates unless the law leaves no alternative, and push for on-device or zero-knowledge approaches where possible. If you are a PM or founder, treat anonymity as a product requirement, not an edge case. If you are a policymaker or advocate, stop pretending that age verification is a small compliance tweak. It is a structural change to the public square, and once the identity layer is mandatory, privacy will be the first casualty.