We put far too much trust in the people managing our online data.

For context, in Australia, you have to provide age verification if you want to access social media or porn sites. This has been the case for a couple of years now and I personally find it fucking stupid beyond belief - for a few reasons.

Age verification comprises a full front picture of your face, or in some cases a “video selfie” or picture of a government-issued ID card. This is done through a third-party company, like Yoti, AgeGo, or K-ID, which seem to do this in a privacy-focused way (i.e. deleting your images after they’ve been assessed, only sending back over or under to the site requesting verification, etc.). I have two issues with this:

  1. We are normalising the process of scanning your face whenever you want to use a website that has been blocked. This offers an extremely dangerous opportunity for bad actors to mimic trustworthy services and steal your personal data, including images of your face. If you’re a random porn site, impersonating a company like Yoti is trivial, and your data could be used against you when tied to your browsing habits–potentially even from other sites that share tracking cookies. If we normalise this kind of behaviour, who knows what kinds of new scams will become possible in the future?
  2. It is very easy to get around this. People report extremely simple workarounds such as wearing a mask, using images from a video game, or in some cases just using their real face and the system gets it wrong sometimes. Or you know, just use a VPN.

To anyone remotely switched on, this isn’t a big problem. Funnily enough, the people this is supposed to be protecting, teenagers, won’t have an issue bypassing this. For the vulnerable older demographic, this is actively threatening their privacy. This whole thing is having the complete opposite effect to what it was designed for.

Here’s another reason this is fucked up: this ban doesn’t include all sites. Of course, how could it? No, it blocks popular social media and porn sites: think Facebook, Instagram, Pornhub, etc. In other words, the kinds of sites that have a solid reputation anyway are the ones being blocked. So if you want to get around this in a pinch, you actively have to seek out the deeper sites; stray further from the regulated options and towards something much darker. This is obviously, obviously not good. I don’t even need to spell out how dangerous this is.

This isn’t the worst of it though. While currently it’s fairly simple to get around age verification prompts by just using a VPN, this might not be the case forever. The Australian government’s eSafety guidelines recently conducted the Age Assurance Technology Trial, and make it clear they want to crack down on these simple workarounds. They are threatening platforms to adopt more aggressive strategies to infer a user’s age. This would include things like actively tracking your behaviour to guess your age.

eSafety supports a response that involves all services, products, and platforms, such as devices’ operating systems, app stores, and search engines, in reducing access to content that may not be age appropriate

At this point, it’s the platform that has access to your login patterns, the language you use, the kinds of people you interact with, and things like that. In a world where wide-scale data breaches are announced seemingly every week, this is concerning to say the least. The reports even actively discuss pushing these checks down the chain to the device level: your operating system, your app stores, or even straight through your ISP. They openly cite models where mobile network operators just block everything by default until you verify yourself.

There’s no call to action here.

t