We all want to prevent children from being harmed on the Internet, but exactly how to do this without creating even more problems for them and for adults has turned into quite a complicated and political situation.
There have been broad concerns that various website age verification systems could be privacy invasive, ineffective, and in some cases actually might cause even more harm to children than not having the verifications there in the first place. And now with more and more of these systems appearing — the Supreme Court just declared them legal for states to require for commercial porn sites — we’re starting to see various of these predictions coming true.
Remember that age verification systems — whether for porn sites, or social media sites, or pretty much any site like the situation in China where virtually all Internet usage can be tracked by the government — doesn’t only affect children and teens. No matter your age, you have to prove you’re an adult for access. And that opens up tracking possibilities that many politicians in both parties would love to have here in the U.S, with various state and federal legislation already in place or in litigation. And this quickly creates a situation where your basic privacy involving what sites you visit, what topics you research, what videos or podcasts you view or listen to, on and on, may be seriously compromised in ways never possible before now.
There have already been breaches of age verification systems that publicly exposed users’ identity credentials, a treasure trove for crooks. We can reasonably expect directed hacking attacks at these systems as they expand, and if history is any guide many will be successful. Some of these systems use government credentials, some require credit cards, some are using systems to estimate your age from your face, or by how long you’ve been using a particular email address, and so on.
Many adults who don’t want to hand over a credit card or their driver’s license — and their privacy — to these firms have already found various bypass mechanisms, and it appears that — as expected — kids are already WAY AHEAD of adults at this.
A broad age verification law just took affect in the UK a handful of days ago and is already being widely breached, with it trivially easy to find public discussions with users trading bypass hints and tricks. The degree to which these systems are political theater is emphasized by rules that for example order sites not to tell users that they could use VPNs to bypass the checks in many cases — as if VPNs haven’t been used to bypass geographic restrictions for many years — and most age verification systems are geographically based.
But it actually gets even more bizarre. Some of these age verification systems do indeed try to estimate your age from your face as seen on your camera. Of course if you don’t have a camera on your device or don’t want your face absorbed by these systems you’re out of luck in this respect. For that new UK age verification system, kids very quickly realized they could use a video game that generates very realistic faces to bypass the age verification system. And of course as the nightmarishly advanced AI-based video generation systems continue to evolve — we know where this is headed.
The worst part about all this is that age verification systems broadly applied as some politicians desire, not only have the potential to cut children off from the ability to access crucial information about their own health and safety in cases of abuse, but could actually drive children to all manner of disreputable sites — the kind that can pop up and vanish quickly — that could potentially do them real harm but will never abide by age verification rules.
Age verification seems like an obvious solution to a range of Internet-related problems. But the reality is that many observers feel that it creates more problems than it solves, creating new hacking opportunities and privacy risks, and that in many cases the kids will find ways to bypass it anyway. When trying to fix a complicated problem on the Internet, or anywhere else, the first step probably should be, “Try not to make things even worse.” An idea worth keeping in mind.
–Lauren–