What is the most private way of verifying your age?


Since the Online Safety Act came into effect in the UK on July 25, users have had to verify their age to access content that has been deemed adult.

In addition to adult content requiring age verification, even social media platforms are requiring users to verify that they're over 18 to access some content. This has led to many UK citizens seeking out the best VPNs to circumvent the age verification checks.

So, how does age verification work and which method is the least invasive? Here we explore all the ways sites will ask you to verify your age, and which require you to give up the least personal data.

NordVPN: our top-rated VPN overall
From our testing, we consider NordVPN to be the best VPN for most people. This is down to its rock-solid security and privacy, excellent speeds and great unblocking performance.

Prices start from £2.31 / $2.91 per month for a two-year subscription, which includes an exclusive four months free for Tom's Guide readers. Plus, you can get an Amazon gift card worth up to £50 / $50 if you sign up for NordVPN's Plus or Complete memberships. A 30-day money-back guarantee applies to all subscriptions.

How can my age be verified?

The Online Safety Act states that age verification methods must be "technically accurate, robust, reliable and fair." This has led to a number of different methods being used by sites to verify users' ages.

Here we take a look at each of these methods, how exactly they work and any potential issues they pose to data safety.

Mobile network operator age checks

This method of age verification is probably the least invasive, but overall may be less accurate.

This method sees you input your phone number to the age verification service, which then runs a check with your mobile network operator to see whether your mobile number has age filters applied to it. If it doesn't, it verifies you as over 18.

There are problems with this approach, however, given that someone could remove age restrictions on a phone number then give that SIM card to someone else.

Additionally, a user may not have bothered to remove age restrictions on their own number, or even know that they have them.


Email-based age estimation

This particular approach involves you inputting your email address to an age verification service, which analyses other online services where you have used this email.

For example, if you use the same email address with your utility company and your bank, it will then verify your age.

This approach has its limitations, as it can't give a definitive age, but instead just a rough estimation. It also does not allow users to use disposable email addresses, such as Apple's Hide My Email service.

This means that if you are using these services to minimize the risk of your personal information getting leaked in a data breach, this may impact the age verification service's ability to estimate your age.

If your age cannot be verified in this way, you may have to verify your age using methods that involve you providing more personal information.

Facial age estimation

This is one of the most common types of age verification, but it has been one of the most controversial due to people's reluctance to provide scans of their face to adult sites.

This method requires users to scan their face via a photo or video. If you look old enough, you're verified. If you don't, you can verify your age using photo ID, but this has raised some concerns regarding personal data safety.

As well as these concerns around users' likenesses being stored, shared or even used to train AI models, this method is not foolproof. Younger-looking users may be deemed under 18, and the AI scan may not work at all for those with facial differences like scars or birthmarks.

Not only this, but it's far from effective, with some users bypassing this method with Death Stranding's photo mode.


Open banking and credit card age checks

To verify age with this method, users must allow the age verification service to securely access their bank details to prove that they are over 18.

This poses some security issues if the card details are stored by the age verification service. This sensitive information is incredibly attractive to hackers, meaning these verification services may be the target for cyber attacks.

If these details were leaked in a cyber attack, it could have serious ramifications for anyone who had their banking information stolen, for example identity theft or fraud.

Another, similar method is checking credit cards to ensure that they're valid. As you cannot get a credit card until you're 18, a valid check is seen as proof.

This method does require that users share their payment details with a potentially unknown payment processor, however.

This poses similar issues to providing bank details to verify your age, with the potential impact of data breaches incredibly high.

Digital identity services and photo-ID matching

This duo of age verification techniques revolves around checking various forms of identification to verify your age.

Digital identity services use digital identity wallets that store the same typical information that you would expect to see on traditional ID.

Photo-ID matching requires you to upload an image of a document that shows your face and age, such as a passport or a driving licence, which is then checked against a photo of you.

This has raised huge concerns regarding personal data safety. While some age verification services swiftly delete your personal data – for example, Spotify's age verification partner, Yoti, deletes user data after it's been used to verify their age – the potential data safety risks if age verification services don't do this are huge.

If there was a hack of an age verification service that stored pictures of ID cards, or scans of digital identity cards, this could have a devastating impact for all those who had their information stolen.

The fallout of such a hack could include everything from increased, personalized phishing campaigns, to identity theft and even fraud.

Why are UK citizens trying to circumvent age verification?

Many UK users are refusing to verify their age, and are using VPNs to circumvent the OSA. ProtonVPN alone has seen sign-ups spike by 1,400% since the act's introduction. But why?

Ultimately, it's a matter of privacy and security. In one form or another, verifying your age requires handing over identifiable and personal information to operators who may be based in third countries or have poor privacy policies, or both.

Should there be a data breach, such as the ones that occurred with the Tea app recently, which saw pictures of users' government ID cards and faces leaked, this information would then be available for sale. These services would be an absolute treasure trove for hackers, due to the amount and depth of the information stored.

There are also concerns about how the information you provide to verify your age will be stored and shared, leading to some believing that their online browsing habits will be linked with their ID or likeness.

In addition to this, there is strong resistance to the idea that your internet access will be restricted unless your age is verified, causing some to see the use of VPNs as an act of justified civil disobedience.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Joe Chivers
Games and tech journalist

Joe is a games and tech journalist with a strong interest in cybersecurity and privacy.
