惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
A
About on SuperTechFans
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
Vercel News
Vercel News
G
Google Developers Blog
J
Java Code Geeks
宝玉的分享
宝玉的分享
T
Tailwind CSS Blog
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
MyScale Blog
MyScale Blog
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
S
Security @ Cisco Blogs
Latest news
Latest news
I
Intezer
L
Lohrmann on Cybersecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
月光博客
月光博客
T
Threatpost
博客园 - 【当耐特】
S
Schneier on Security
P
Privacy International News Feed
G
GRAHAM CLULEY
T
Tenable Blog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
博客园 - Franky
Engineering at Meta
Engineering at Meta
美团技术团队
S
Secure Thoughts
T
Troy Hunt's Blog
Microsoft Security Blog
Microsoft Security Blog
SecWiki News
SecWiki News
V
Visual Studio Blog
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Martin Fowler
Martin Fowler
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
H
Hackread – Cybersecurity News, Data Breaches, AI and More

The Verge

The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge The Verge Govee’s multicolor ceiling light doubles as a low-res screen Spotify is partnering with Peloton for guided workouts The plan to quietly kill Coyote v. Acme blew up in David Zaslav’s face AirPods, Touch Bars, and the rest of Tim Cook’s legacy I don’t think Gwyneth Paltrow knows what a peptide is Brendan Carr’s war on wokeness targets inclusive children’s television Anthropic’s Mythos breach was humiliating Ikea’s new inflatable chair doesn’t look like an inflatable chair Inside Microsoft’s wave of executive departures Netflix can’t seem to follow-up its biggest shows The Iranian women Trump ‘saved’ from execution are simultaneously real and AI-manipulated Elon Musk admits that millions of Tesla vehicles won’t get unsupervised FSD Tesla’s revenue rises again as it prepares for more AI and robotics Former MrBeast exec sues over ‘years’ of alleged harassment Watch Sony’s elite ping-pong robot beat top-ranked players Anthropic’s Mythos rollout has missed America’s cybersecurity agency Will a new CEO realize Apple’s smart home potential? It’s amazing how good Alienware’s $350 OLED monitor is Call of Duty never made much sense for Xbox Game Pass BMW’s flagship 7 Series gets its ‘Neue Klasse’ upgrade The year’s weirdest game is hard to explain and even harder to put down Behind the unraveling of Dan Crenshaw First vacuums — then the world SpaceX cuts a deal to maybe buy Cursor for $60 billion We translated the Palantir manifesto for actual human beings ISS astronauts are getting new laptops Tim Cook was an innovator — just not the Jobs kind AI backlash is coming for elections OpenAI’s updated image generator can now pull information from the web Framework’s Laptop 13 Pro launch event X makes it 1,900 percent more expensive to post links Framework announces Laptop 13 Pro, ‘the MacBook Pro for Linux users’ Framework’s first eGPUs turn its laptop into a desktop PC Blue Origin successfully reused its New Glenn rocket Cloud development platform Vercel was hacked The RAM shortage could last years Judge rules Trump administration violated the First Amendment in fight against ICE-tracking Cheap stuff that doesn’t suck, take 3 Dyson’s handheld fan is more powerful and louder than I expected There’s nothing like an RPG over vacation The AI apps are coming for your PC The best budget smartphones you can buy Dairy Queen is putting an AI chatbot in its drive-thrus The AirPods Pro 3 are $50 off right now, nearly matching their best-ever price Ghost orchid in the machine The South Korean president is doing quote-post diplomacy Peloton, stay in your lane The ‘AI is inevitable’ trap The creative software industry has declared war on Adobe Gucci-branded Google smart glasses are coming next year Ballmer gives $80 million to NPR, with strings attached Netflix embraces vertical video with major mobile app update Netflix cofounder Reed Hastings is officially leaving the company Live Nation says it will fight monopoly suit loss Ozlo’s comfy Sleepbuds are nearly 30 percent off in the run-up to Mother’s Day Teenage Engineering might be getting into instrument amps next The only way to fight deepfakes is by making deepfakes Casely has reannounced a power bank recall from 2025 following a fatality How Netflix made us fall in love with K-dramas It’s slushy season, and Ninja’s frozen drink machine is nearly half off Roku hits a major milestone with 100 million households Ronan Farrow on Sam Altman’s “unconstrained” relationship with the truth Character.AI’s new Books mode turns reading into roleplay The Cybertruck of e-bikes is here to replace your car Moft adds a tracker and shutter button to its magnetic tripod wallet Canva’s AI 2.0 update goes all in on prompt-powered design tools Meta blames RAM shortage for $100 Quest 3 price hike Intel’s cheaper Panther Lake chips are for budget-friendly laptops DJI’s Osmo Pocket 4 camera is better at capturing slo-mo footage and photos Govee’s new LED Lightwall comes with its own self-standing frame Spotify just won $322 million from music pirates it can’t find YouTube now lets you turn off Shorts Ford’s EV and software chief Doug Field is leaving the company Trump’s posting even more AI-generated Trump-Jesus fan art Ticketmaster is an illegal monopoly, jury finds FTC pushes ad agencies into dropping brand safety rules Ikea’s smart donut lamp is a sweet treat Google launches a Gemini AI app on Mac Microsoft counters the MacBook Neo with freebies for students Best Buy’s Ultimate Upgrade Sale features deals on dozens of our favorite gadgets The Senate is voting to save free IRS Direct File today The Verge The Verge The Verge You can grab a refurbished 2021 Kindle Paperwhite starting at just $49.99 The Hisense UR9 is a great first shot against OLED’s bow How AT&T created the most iconic phone ever The AI code wars are heating up Allow me to explain why I love this camera that can’t shoot color
Age verification is a mess but we’re doing it anyway
Emma Roth · 2026-04-16 · via The Verge

In the span of a few years, age verification went from an idea to standard practice on large parts of the internet. Seeking to prevent kids from accessing porn, other inappropriate content, or social media altogether, laws mandating age-gating have spread rapidly across the globe, reaching the UK, the US, Australia, France, Brazil, and many more countries. The problem comes in with exactly how to check that a user isn’t lying about their stated age. Unfortunately, every method politicians have settled on has significant flaws — and though experts have ideas to improve on them, these remain just concepts for now.

One popular method is age inference, which uses AI to “guess” the age of users based on their activity on a specific platform. Another is third-party services that promise to prioritize user privacy. A third is having app stores and operating systems perform age checks before users can download apps. But each of these methods comes with significant tradeoffs, even as new rules are forcing platforms to deploy them at scale. It’s 2026, and we’re living on an increasingly age-gated internet, but the right tech still isn’t there.

It starts with age inference

Before scaring away users by asking for an ID or face scan, many platforms try to guess their age using data that’s already on file. Meta, for example, uses an AI-driven system to identify and place teens on Instagram into more restrictive accounts. Google and YouTube also started scanning accounts for users suspected to be under 18, while Discord is planning to roll a system out later this year.

Inference systems look at a variety of signals. A simple one is account age — if you joined Instagram 18 years ago, for instance, you’re probably over 18. Others are more speculative. YouTube uses AI to analyze the types of videos you’ve searched for. Discord has said it will use device and activity data, along with “aggregated, high-level patterns across Discord communities,” while Instagram may flag an account if someone wishes them a “Happy 14th birthday” on a post.

Ideally, the upside to inference is that nobody has to provide extra data. Discord has said most users won’t be impacted by its incoming age verification rollout because of its age-guessing AI system. “You don’t need to know who someone is in order to figure out their age, so that’s why, in theory, age inference technologies can be less privacy invasive,” Cobun Zweifel-Keegan, managing director at the International Association of Privacy Professionals, tells The Verge.

But age inference alone often can’t reliably predict someone’s age, and may not meet the bar set by government regulators. When the system is unsure about someone’s age — or falsely declares them a minor — users are asked to divulge personal data about themselves anyway.

Passing on personal data

To verify someone is at least 18, an age-gating system typically needs to collect revealing details about them, and that raises a whole new set of privacy tradeoffs. A government-issued photo ID, for instance, is a highly accurate age indicator but causes severe problems if it’s exposed in a data breach, something that’s happened multiple times. Third-party vendors like k-ID, Persona, and Yoti can save every company from needing to run its own system and let them offload some risk. For users, there’s still a fundamental security problem that these services are attempting to mitigate, but haven’t solved.

Scanning a user’s face and automatically determining their age range has become a popular alternative to photo IDs. It doesn’t require collecting a legal document, and it can even be conducted on the user’s device, so no identifying information gets stored somewhere it might leak.

“If we could run [on-device] effectively on a phone, I would do it in a heartbeat, but it’s not currently feasible.”

Unfortunately, as noted by the Electronic Frontier Foundation, face-based age estimation remains often inaccurate — especially for people of color and women — and has been tricked with a variety of methods, including by using the face of a video game character, like Death Stranding’s Sam Porter Bridges. If face scans hypothetically leaked, powerful third-party facial recognition tools could potentially identify people through those, too.

Meanwhile, on-device verification — while touted as more private than sending information to a server for analysis — faces its own set of problems. Rick Song, CEO of Persona, says server-side authentication is often preferred because it’s easier to poke holes in on-device systems. Bypassing on-device systems is “relatively easy, which is why everything started moving toward servers,” Song says, despite the fact that on-device systems would be cheaper to run for companies like Persona. “If we could run [on-device] effectively on a phone, I would do it in a heartbeat, but it’s not currently feasible.”

Another drawback to on-device verification — at least in Song’s view — is that older phones may not be powerful enough to run the AI models used to analyze a user’s face. “A huge percentage of the world is still on older Android devices, and a huge percentage of the world is on pre-iPhone 10,” Song adds. “Their device can’t even run the model, so you get this bifurcation in which only people with newer devices get more privacy, and people without them don’t.” Those people would still need to upload an ID, with all the security risks that entails.

Putting device makers on the spot

Increasingly, law- and policy-makers have settled on a seemingly elegant solution to age-gating: just make app stores do it. Under these proposals, app store owners would be obligated to verify the age of users before they can download or purchase apps. The idea is backed by tech companies that include Meta, Spotify, Match, and Garmin, who argue that having a single point of age verification is more efficient than checking ages on a platform-by-platform basis.

Proponents of these rules typically focus on Apple’s iOS App Store and Google’s Android Play Store, but other operating systems are in the mix too — which is where things get particularly complicated. Under California’s Digital Age Assurance Act, for instance, operating systems like Windows, macOS, and Linux must ask users for their birth dates when setting up the device starting in 2027. The operating system is then supposed to pass on a “signal” containing a user’s age range to the apps offered inside the system’s app store.

This puts open-source operating systems, like various flavors of Linux, in a precarious position, as most currently don’t force users to create an account that could store and pass along a user’s age. The developers behind popular Linux distros are grappling with the new requirements. GrapheneOS, a privacy-focused version of Android, has drawn a line in the sand: it won’t mandate age verification, and if its devices “can’t be sold in a region due to their regulations, so be it.” Moreover, it’s not clear whether app store-level age verification laws apply to Linux repositories, like APT or Pacman.

The fractured landscape of age verification laws isn’t making it any easier for tech companies to navigate, either. Like California’s age verification law, Texas and Louisiana have enacted legislation to put age checks at the app store level. Other states, though, like Tennessee, Florida, and Virginia, are going after the platforms themselves. Both approaches are struggling to withstand constitutional scrutiny, with laws on either side getting blocked by federal courts.

“It’s not difficult for companies to estimate or verify ages using various technologies,” Zweifel-Keegan says. “They have all sorts of different tools in their tool belts, but it is difficult for the [US] government to require it. Once the government starts saying you have to do it, it actually starts to be subject to First Amendment scrutiny. And so far, we haven’t seen that survive particularly well.”

With a confusing global patchwork of rules, some online platforms, like Discord and Roblox, have introduced verification even where they’re not required to — and with it, the tech’s many tradeoffs.

Isn’t there a better way?

Amid all this, privacy experts are working in the background to develop a method that limits data collection. One option is zero-knowledge proof (ZKP), a cryptographic method that proves someone is over the age of 18 without divulging personal details to a third party, as demonstrated by France’s data privacy agency in 2022. Under this proposed system, the government agency responsible for issuing someone’s ID would give users a proof of age that would signal whether they’re above or under 18, rather than requiring them to disclose their entire birth date or other personal information directly to a website or third party. Users could then store this proof of age inside a digital wallet or another trusted service, allowing them to present it to websites or app stores with verification requirements. Google is one of the companies backing the development of this technology, though it doesn’t come without its flaws.

As pointed out by researchers at Brave, many systems that implement ZKP “may not actually provide zero-knowledge” if they’re set up incorrectly. These systems may also erode privacy if a user is asked to prove that they’re an adult multiple times, especially if a service requires information about their age range. “For instance, a user who first proves their age is between 20 and 22, and then two months later proves they are over 21, has effectively disclosed a narrow interval for their exact date of birth,” Brave Research says.

The European Union, which has been developing specifications for an open-source age verification app, lists ZKP as an “experimental” feature that it will add later. The app, which EU Commission President Ursula von der Leyen says is “technically ready,” will require users to upload their government ID or passport, or verify their age through a bank or school. Once the app verifies their age using the “trusted list” of age verification providers registered with the EU, the app generates a proof of age that doesn’t contain “any ID information to trace the user.” Users can then use the app’s proof of age to access age-restricted platforms.

The Future of Privacy Forum has also highlighted other options, like a system that could perform an initial age check with an ID or face scan, then use it to create a “stable, irreversible cryptographic key” that could be provided elsewhere. Daniel Hales, a policy counsel with the FPF, tells The Verge that this method can be paired with other age verification solutions, including reusable credentials stored on a browser or device. “This can reduce the amount of age checks, but it can also mitigate the risk of shared devices or a certain credential for one person being shared among multiple people,” Hales says.

But these methods are still just concepts. For now, Hales says it’s important for companies and lawmakers to think through “the balancing act of privacy and safety.” It’s one that no policy or age verification provider has nailed yet, and it’s putting all of us at risk while they figure it out.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

  • Emma Roth