
























Building a global trust infrastructure for age verification is not feasible at internet scale in the short term, and enforcing such a system across jurisdictions would be complex. Large-scale age-assurance risks compromise privacy, exclude users, and fail to reliably prevent online harm to children. These warnings come from an open letter dated March 2, 2026, signed by 438 security and privacy scientists and researchers from 32 countries, calling for a pause on deployment as regulators move to introduce age-based controls online.
In India, Andhra Pradesh is considering restricting access to social media for children under 16 through DigiLocker-linked age tokens, a move that reflects similar concerns about feasibility and scalability.
Age checks can be bypassed: Age assurance systems are easy to circumvent in practice. They point to the use of VPNs, borrowed or purchased credentials, and AI tools—such as deepfakes or generated profiles—that can alter appearance. Parents help children bypass checks, and black markets for verified accounts emerge soon after authorities introduce controls.
Age estimation and inference risks: They argue that these methods rely on sensitive data such as biometrics, behavioural signals, and contextual information. This expands data collection, including data from children. The letter states that these systems are prone to high error rates and can be biased against certain groups.
The risk of reduced online safety: The letter warns that restricting access via age checks may push users towards alternative or fringe platforms that lack safeguards. This, they say, could expose users to scams, malware, and reduced protections. They also highlight that circumvention tools, such as insecure VPNs, may introduce additional risks. Further, they caution that “verified” child-safe spaces could still be infiltrated by adults.
Expanding privacy concerns: Age assurance would significantly increase data collection by online services. This includes risks of misuse by providers, access by third parties, and data breaches. Experts cite past incidents where systems exposed sensitive data, such as ID images. For example, the October 2025 data breach at Discord exposed 70,000 images of users’ government IDs used for age verification.
Exclusion and discrimination: They argue that requiring proof of age would exclude many users from accessing online services. This includes those without valid identification, access to compatible devices, or adequate digital literacy. Groups such as elderly users, migrants, and economically disadvantaged individuals may face disproportionate impacts. The letter says such users may be forced into insecure alternatives or left without access altogether.
Broader legacy systems: Age assurance systems often link to broader identity infrastructures that extend beyond age verification. They warn that such systems would enable an increase in tracking and profiling over time. As more services adopt these mechanisms, they say risks to privacy and equality will grow.
Centralisation of control: Age-based access controls would concentrate power with governments, platforms, and software providers. This could allow these actors to influence the content users can access. The signatories warn that such systems could serve purposes beyond child safety, including restricting access to certain types of content. They also say these systems runs counter to the decentralised design of the internet.
Limits of privacy-enhancing technologies: While acknowledging that privacy-enhancing technologies can mitigate some risks, the letter says they do not address broader concerns. It notes that such systems may increase dependence on a small number of providers and exclude users without access to compatible devices.
Call for a pause: The signatories say there is no clear scientific evidence that age-based restrictions improve outcomes for children. They urge a moratorium on deployment until researchers better understand the benefits and harms. They also suggest exploring alternative approaches, including regulating platform design and supporting parental controls.
Why this matters for India: India’s push toward age-gating is no longer isolated. Andhra Pradesh is exploring DigiLocker-linked age tokens, while Karnataka and Goa have proposed a ban on social media use for children under 16. At the Centre, the Ministry of Electronics and Information Technology (MeitY) has held multiple consultations with platforms and stakeholders to assess the technical feasibility of restricting access based on age.
However, the open letter’s concerns align closely with this trajectory. It warns that such systems are easy to bypass, can push users to unregulated or offshore platforms, and may expand data collection through ID-linked verification while excluding users without access to documents or devices. It also flags risks of centralised control over online access.
Crucially, evidence from India’s own policy experience suggests the need for caution. Following the ban on real money gaming (RMG), users reportedly migrated en masse to offshore platforms. A CUTS survey of Delhi users found a 13.7% absolute increase in offshore platform usage. The comparison underscores a key point: blanket digital prohibitions often fail in practice, even as their risks increase.
Also read
For You
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。