The motivation behind these laws is real and widely shared: keeping children away from pornography and other adult content. That goal commands broad public support, and this post takes no issue with it. The question worth examining isn't whether protecting minors matters — it plainly does — but what the chosen mechanism costs everyone else, and whether the privacy harms are being weighed honestly against the intended benefit.
A Patchwork Becoming a Wall
Over the past few years, age-verification mandates have gone from rare to common. In the United States, Louisiana passed a law in 2022 requiring age verification for sites hosting a significant amount of adult material, and a long list of other states followed with their own versions. In 2025, the U.S. Supreme Court, in Free Speech Coalition v. Paxton, upheld a Texas age-verification statute against a First Amendment challenge, a ruling that removed a major legal obstacle and signaled that more such laws would survive in the courts.
Across the Atlantic, the United Kingdom's Online Safety Act requires services to use what the regulator Ofcom calls "highly effective age assurance" for pornographic content, with enforcement phasing in over 2024 and 2025. The European Union has been developing age-verification approaches connected to the Digital Services Act. The specifics differ by jurisdiction, but the direction is unmistakable: checking visitors' ages is shifting from optional to legally mandatory across much of the democratic world.
The Methods, and What Each One Leaks
"Verify age" is an instruction, not a method. In practice, sites reach for one of a handful of techniques, and each carries a distinct privacy footprint.
| Method | How it works | Privacy exposure |
|---|---|---|
| Government ID upload | You photograph a passport or license | High — full legal identity, document image |
| Credit card check | A card is used as an adulthood proxy | High — financial identity, not even reliable |
| Facial age estimation | An algorithm guesses age from a selfie | Medium — biometric capture, error-prone |
| Third-party "age token" | A separate provider vouches you're of age | Depends — shifts trust, can be privacy-preserving |
The crude approaches are the most common and the most dangerous. Uploading a government ID to a website means that site — or whatever contractor it hired to process the check — now holds an image of your passport linked to the fact that you visited it. Credit-card checks are both privacy-invasive and weak as actual age proof, since plenty of minors can access a card and plenty of adults would rather not hand their card number to a content site.
Most age-verification methods don't answer the narrow question "is this person an adult?" They answer the much broader question "who is this person?" — and then infer age from the identity. That over-collection is the entire privacy problem in one sentence.
The Honeypot You Didn't Ask For
Every age-verification system that stores or logs identity documents becomes a target. A database that links real names, ID photos, and browsing of sensitive content is among the most damaging things an attacker could steal — far more so than yet another list of email addresses. The harm isn't hypothetical extortion in the abstract; it's the specific, intimate kind that pairs a legal name with what someone watched.
Proponents respond that verification can be done without retention — check the ID, return a yes/no, delete the document. Some implementations genuinely try. But "we promise to delete it" is a policy, not a guarantee, and the history of data collection is a history of data that was supposed to be transient turning out to be logged, cached, sold, or breached. The only data that can't leak is the data that was never collected.
A verification system that has to be trusted not to retain your ID has already conceded the game. The privacy-preserving designs are the ones where the site is technically incapable of learning who you are — not the ones that promise restraint.
Can It Be Done Without the Surveillance?
Encouragingly, cryptography offers ways to prove a fact about yourself without revealing the underlying identity. The relevant tool is the zero-knowledge proof: a method for demonstrating that a statement is true — "the holder of this credential is over 18" — without disclosing anything beyond the statement itself, not your name, not your birthdate, not your document.
In a well-designed scheme, a trusted issuer (say, a government or bank that already knows your age) gives you a cryptographic credential. When a site asks, your device generates a proof that you hold a valid "over 18" attestation, and the site learns only that single bit. Done right, the site can't identify you, and the issuer can't see which sites you visit — the two pieces of information are never in the same place. Emerging digital-identity frameworks and "selective disclosure" credential standards are moving in this direction, and major platforms have begun shipping age-signal APIs intended to share a range rather than a precise identity.
The catch is that good design is not the default. A statute that simply demands "effective age verification" exerts no pressure toward the privacy-preserving version; the cheapest path to compliance is often an ID-upload form bolted on by the lowest bidder. Whether these laws end up protecting children at acceptable cost or building a sprawling identity-checkpoint layer over the open web depends almost entirely on implementation details the laws themselves rarely specify.
The Chilling Effect Nobody Tallies
There's a cost that doesn't show up in any breach report: the lawful adult who simply doesn't visit, doesn't read, doesn't speak, because doing so now requires surrendering identity at the door. Anonymity has long been recognized as protecting legitimate activity — whistleblowing, exploring stigmatized health questions, dissent, ordinary private curiosity. When every gate demands papers, some people stop walking through gates at all, and the content they avoid is not only the content the law targeted.
This is why digital-rights groups have challenged these laws even while acknowledging the goal behind them. The disagreement is rarely about whether minors should be protected. It's about whether the price — a verified-identity layer over swaths of the internet, new honeypots of the most sensitive data imaginable, and a chilling effect on lawful adults — is proportionate to what the mechanism actually achieves, especially when determined minors can route around it with the same tools that protect everyone else's privacy.
What You Can Do Now
While the legal and technical landscape settles, a few practical principles reduce your exposure:
- Prefer verification that doesn't retain documents. If a service offers a privacy-preserving option or a reputable third-party token over a raw ID upload, take it.
- Be wary of unknown intermediaries. A no-name "age check" vendor asking for your passport photo is exactly the kind of data handler most likely to leak it.
- Compartmentalize. The same logic behind email aliases and threat modeling applies: limit how much any one identity check can connect to the rest of your life.
- Support privacy-preserving standards. The difference between a surveillance checkpoint and a single-bit proof is policy and engineering choices being made right now.
The goal of keeping children safe online is legitimate and worth pursuing. The mechanism currently winning by default — collect identity, infer age, hope the database holds — solves the stated problem by manufacturing a much larger one. The better path exists in the cryptography; the open question is whether the laws will ever require it. At Haven we build on the same principle these systems should adopt: the data you never collect is the data that can never be turned against the person who trusted you with it.