With the rise in age verification laws, like the Online Safety Act (OSA) in the UK and age checks in order to access adult websites in the US, many internet users are having to provide personal information in order to access adult content
However, it's not just adult content that requires age verification. Under some of these laws, like the OSA, some social media platforms are requiring users to verify that they are over 18 in order to view content deemed inappropriate for minors. This has led many citizens impacted by these laws to seek out the best VPNs to circumvent the age verification checks.
How can my age be verified?
The Online Safety Act states that age verification methods must be "technically accurate, robust, reliable and fair."
Meanwhile, House Bill 2112 (the Bill concerning age verification in Arizona), states that "reasonable age verification methods" must be used if more than one third of a site's content could be considered to be "harmful to minors."
There are a number of different methods that can be used by sites to verify users' ages. Here we take a look at each of these methods, how exactly they work and any potential issues they pose to data safety.
Mobile network operator age checks
This method of age verification is probably the least invasive, but overall may be less accurate.
This method sees you input your phone number to the age verification service, which then runs a check with your mobile network operator to see whether your mobile number has age filters applied to it. If it doesn't, it verifies you as over 18.
There are problems with this approach, however, given that someone could remove age restrictions on a phone number then give that SIM card to someone else.
Additionally, a user may not have bothered to remove age restrictions on their own number, or even know that they have them.
Email-based age estimation
This particular approach involves you inputting your email address to an age verification service, which analyses other online services where you have used this email.
For example, if you use the same email address with your utility company and your bank, it will then verify your age.
This approach has its limitations, as it can't give a definitive age, but instead just a rough estimation. It also does not allow users to use disposable email addresses, such as Apple's Hide My Email service.
This means that if you are using these services to minimize the risk of your personal information getting leaked in a data breach, this may impact the age verification's service ability to estimate your age.
If your age cannot be verified in this way, you may have to verify your age using methods that involve you providing more personal information.
Facial age estimation
This is one of the most common types of age verification, but it has been one of the most controversial due to peoples reluctance to provide scans of their face to adult sites.
This method requires users to scan their face via a photo or video. If you look old enough, you're verified. If you don't, you can verify your age using photo ID, but this has raised some concerns regarding personal data safety.
As well as these concerns around users' likenesses being stored, shared or even used to train AI models, this method is not foolproof. Younger-looking users may be deemed under 18, and the AI scan may not work at all for those with facial differences like scars or birthmarks.
Not only this, but it's far from effective, with some users bypassing this method with Death Stranding's photo mode.
Open banking and credit card age checks
To verify age with this method, users must allow the age verification service to securely access their bank details to prove that they are over 18.
This poses some security issues if the card details are stored by the age verification service. This sensitive information is incredibly attractive to hackers, meaning these verification services may be the target for cyber attacks.
If these details were leaked in a cyber attack, it could have serious ramifications for anyone who had their banking information stolen, for example identity theft or fraud.
Another, similar method is checking credit cards to ensure that they're valid. As you cannot get a credit card until you're 18, a valid check is seen as proof.
This method does require that users share their payment details with a potentially-unknown payment processor, however.
This poses similar issues to providing bank details to verify your age, with the potential impact of data breaches incredibly high.
Digital identity services and photo-ID matching
This duo of age verification techniques revolve around checking various forms of identification to verify your age.
Digital identity services use digital identity wallets that store the same typical information that you would expect to see on traditional ID.
Photo-ID matching requires you to upload an image of a document that shows your face and age, such as a passport or a driving licence, which is then checked against a photo of you.
This has raised huge concerns regarding personal data safety. While some age verification services swiftly delete your personal data – for example, Spotify's age verification partner, Yoti, deletes user data after it's been used to verify their age – the potential data safety risks if age verification services don't do this are huge.
If there was a hack of an age verification service that stored pictures of ID cards, or scans of digital identity cards, this could have a devastating impact for all those who had their information stolen.
The fallout of such a hack could include everything from increased, personalized phishing campaigns, to identity theft and even fraud.
Why are citizens trying to circumvent age verification?
Many internet users are refusing to verify their age, and are using VPNs to circumvent these age checks. ProtonVPN alone has seen sign-ups spike by 1,400% since the Online Safety Act's introduction. But why?
Ultimately, it's a matter of privacy and security. In one form or another, verifying your age requires handing over identifiable and personal information to operators who may be based in third countries or have poor privacy policies, or both.
Should there be a data breach, such as the ones that occurred with the Tea app recently which saw pictures of users' government ID cards and faces leaked, this information would then be available for sale. These services would be an absolute treasure trove for hackers, due to the amount and depth of the information stored.
There are also concerns about how the information you provide to verify your age will be stored and shared, leading to some believing that their online browsing habits will be linked with their ID or likeness.
Some age verifications laws, like House Bill 2112 in Arizona, have put in some work to assauge these fears. House Bill 2112 directly states that an "individual's identifying information" must not be transmitted directly or indirectly to any "federal, state, or local government entity."
Additionally, the Bill states that government-issued ID or "a commercially reasonable method" can be used to verify age, but that the age-verification service must not "retain any identifying information of the individual."
However, there are still concerns that these third parties could simply not comply with these requirements, and that internet users could have their personal data and browsing habits leaked.
Additionally, there is a strong resistance to the idea that your internet access will be restricted unless your age is verified, causing some to see the use of VPNs as an act of justified civil disobedience.
We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
