Caveat – At the White Hatter, our aim is to equip parents with insights that highlight multiple perspectives on youth, teens, and their use of technology. Our focus is on helping you make an informed decision grounded in the most accurate information available. This article was written with that purpose in mind.
As parents and caregivers, protecting our children online is a paramount concern. The onlife world is filled with risks, from age-inappropriate content to potential online exploitation. Age verification technologies, often touted as a solution by some, are being widely considered for keeping younger users off adult websites and social media platforms. While the need to protect children online is clear, it’s essential to consider the broader implications of using age verification technology. By adopting these measures, are we compromising privacy in ways that may pose hidden risks to both our children and our society? Does the thesis, “do the online risks to our kids outweigh the risks to our privacy when it comes to age-verification technology?” justify the use of age-verification? At The White Hatter, we disagree with the premise of this thesis being presented as a binary, and here’s why!
The impulse to prioritize online safety with youth is understandable. But the debate isn’t merely about choosing children’s safety over adult privacy – it’s about considering how age-verification may introduce risks that aren’t immediately obvious to all.
Age-verification systems often collect and store sensitive information, including birth dates, government-issued IDs, or biometric data. Once this data is gathered, it’s stored digitally, where it can be vulnerable to data breaches or misuse. This makes privacy risks very real, and they may ultimately impact the safety and well-being of both children and adults if their information is compromised.
As an example, if a breach exposes sensitive data, a child’s digital identity and personal details could become accessible to malicious actors. This exposure can have far-reaching consequences that include identity theft, stalking, or even exploitation, adding new layers of risk that didn’t exist before.
Many age-verification technologies are powered by biometric data like facial recognition or even fingerprint scans. Using these methods to verify age might prevent a child from accessing adult sites, but it also means children are now more visible to companies and potentially the government. This surveillance capability, even if well-intentioned, raises concerns about how long this data is retained, who can access it, and under what circumstances it might be shared.
Some argue that our devices already possess extensive information about us, using biometrics to unlock phones, storing credit card details, and even allowing driver’s licenses to be uploaded to digital wallets, so what’s the big deal. However, these functionalities are optional – users have the choice to enable or disable them. For example, many people choose not to use biometric features, preferring alphanumeric passwords, and others avoid storing sensitive information on their devices altogether. This element of choice is critical – it highlights that individuals maintain some control over the extent of their data exposure on personal devices.
An important question to ask – are we willing to give companies, third parties, and the government access to data that could track children and adults over their lifetimes? Are there protections in place to prevent this data from being used for purposes other than age verification? Without strict, enforceable guidelines, we may inadvertently be introducing children to an environment of surveillance they can’t escape as they grow older.
Today’s age verification methods could become a precedent for more invasive data collection practices in the future. Once data collection becomes the norm, new demands for access or stricter regulations may be introduced. What starts as an attempt to keep children safe could potentially snowball into a system where vast amounts of personal data are accessible to organizations and government agencies we may not fully trust.
History has shown us that when it comes to data collection, once boundaries shift, it can be difficult to revert to more privacy-respecting norms. Even well-intentioned laws, when applied broadly, can turn into a digital dragnet that threatens everyone’s privacy, making our children’s data, and our own, vulnerable to evolving demands. (1)
An argument in favor of age verification technologies is that they provide a practical solution to prevent children from accessing harmful content. However, children and teens are often quick to find workarounds to bypass these restrictions, such as using fake IDs, accessing alternate devices, or creating multiple accounts. (2)
If these systems aren’t as effective as they claim, are the privacy trade-offs worth it? Investing in educating children about digital literacy and fostering open conversations about online risks could provide a more effective layer of protection without compromising privacy. This approach promotes resilience and discernment in children, reducing their need for age-gated barriers they may attempt to bypass.
When companies collect personal data, the potential for misuse is ever-present. Consider the fact that age verification data might, at some point, be shared or sold to other companies. While many companies adhere to strict data protection policies, recent incidents have shown that even large, secure organizations are vulnerable to extremely personal data leaks and breaches. (3)
Also, storing children’s biometric or identification information could introduce unintended consequences if this data is later exploited for profit or tracking purposes. Parents need assurance that age verification processes include solid legal protections, transparency, and limited data retention policies to ensure that data collected today does not resurface in unexpected ways tomorrow – such technology does not really exist today, and many experts in this field of study have stated that such a goal may be extremely challenging. However, the new Zero-Knowledge-Proof verification technology shows some promise.
Zero-knowledge-Proof (ZKP) age verification technology is emerging and being touted as a sophisticated approach to enhance online safety without compromising privacy. Unlike traditional verification methods that require sharing sensitive personal data (like ID documents or biometric information), ZKP technology verifies a user’s age by mathematically confirming it without revealing any personal data. This is particularly appealing in protecting children’s privacy online while ensuring age-appropriate access to social media and other digital services.
Zero-knowledge-proof tools use cryptographic protocols that enable someone to prove a statement’s truth without sharing specific data about the statement. For age verification, this means a user can prove they are an adult without revealing their birth date or other personal details. Here’s a simple breakdown of the process:
- When an individual signs up for an age-restricted service, their device generates a unique, encrypted proof based on data verified by a trusted third party (such as a government ID issuer) but does not store or transmit the sensitive data itself.
- The service then verifies the proof, confirming the individual meets the age requirement without accessing their personal information. This ensures that platforms know the user is an adult but cannot access other details about their identity.
- Because ZKPs do not require storing or transmitting specific details like birth dates or ID numbers, it is believed that this system significantly reduces privacy risks. Even if hackers gain access to the platform, they cannot obtain age-related personal information.
Zero-knowledge-proof (ZKP) age verification offers a range of privacy benefits by ensuring that users’ personal information is neither stored nor accessible during verification, which significantly reduces the risk of data theft. Because no personal details are saved or exchanged, ZKP technology minimizes the impact of data breaches, safeguarding users’ identities and lowering the chances of data misuse. ZKP also aligns with privacy-focused regulations like GDPR and COPPA, as it verifies users through cryptographic proofs rather than actual data collection, which helps companies comply with these stringent standards. This makes ZKP-based age verification a more secure and appealing option, particularly for parents and caregivers, as it reassures them that their family’s personal information remains private and protected – or is it?
There are still some significant privacy and security concerns that have been identified with ZKP technology, (4) as well as possible bypass tactics that teens might attempt that have to be considered. Here’s a breakdown of some of these concerns, and potential ways for youth to bypass:
- ZKP verification often depends on a trusted authority (like a government body or identity verification service) to issue cryptographic proofs. This means that some form of personal data may initially be shared with these authorities, raising privacy concerns over who holds the data and how securely it’s stored, and what they could leverage it.
- While ZKPs mask explicit personal data, the technology might still collect metadata (e.g., device ID, IP address) to verify that a person consistently accesses a service. Such data could theoretically be used to track users, creating potential privacy risks if this information is ever exposed or misused
- Once implemented, ZKP systems might be repurposed for other uses beyond age verification, such as more intrusive monitoring or identification, especially if legal or political pressures demand it. This can raise ethical concerns regarding consent and control over personal data.
- ZKP age verification systems require complex cryptographic protocols, and if there are weaknesses in their implementation, they could be vulnerable to hacking. Hackers who manage to compromise a ZKP system could potentially undermine the privacy benefits it offers, which could expose users’ information or allow identity fraud.
- Teens could attempt to bypass age verification by accessing services through a parent’s or other adult’s account or device that has already been verified as belonging to someone over the age threshold.
- If a ZKP system initially verifies an individual based on government-issued ID or third-party documents, tech-savvy teens might use altered documentation or acquire adult ID details from others to generate fake proofs.
- Teens could possibly use Virtual Private Networks (VPNs) or other spoofing tactics to simulate different devices or locations, potentially confusing systems that use metadata like IP addresses or geolocation as part of their verification checks.
While wide-scale deployment of ZKP age verification for social media has not yet been fully tested and made commonplace, the technology’s adoption is progressing quickly as privacy-conscious solutions continue to gain traction, particularly where regulatory compliance and public safety and security intersect. If this technology works likes its developers say it does, these technologies may strike a balance, allowing users to prove they meet age requirements without risking their sensitive data. Time and testing will tell, but this is probably years out.
Our core argument is that privacy and safety are intertwined, rather than opposing goals. When we protect our children’s privacy, we’re also safeguarding them from a world in which their personal data can be commodified, manipulated, or exposed to harmful entities as they mature into adulthood – something that we know most major social media platforms already do.
Age-verification technology can be one piece of the puzzle, but it’s not a magic bullet that some are making it out to be. Parents, caregivers, educators, and policymakers need to consider alternative ways to keep children safe online without sacrificing their right to a private and secure digital identity. (5) Building robust, transparent policies around data collection and focusing on educating children about digital literacy may ultimately serve as a more sustainable way to protect them in an increasingly connected world.
Some may argue, “What about vulnerable children or those without attentive parents who actually don’t care about their child accessing technology and the internet?” Darren, who served as a police officer for over 30 years, points out that children in challenging home situations have always faced risks, even before the widespread adoption of technology and the internet. Yes, the technology has introduced new dimensions to these issues, but the underlying vulnerabilities of children without supportive family structures are not new. In fact, the good research shows that those who are at risk offline are most at risk online. According to Darren, the focus should be on holistic support systems that address the needs of at-risk children directly, rather than solely relying on technological, parental, or caregiver oversight. Technology can be part of the solution, but community and systemic support are equally essential to safeguarding vulnerable youth, but all too often it is underfunded or hard to access.
Every parent and caregiver want to ensure their child’s online experience is safe, and age-verification systems may appear to offer a quick, effective solution. However, it’s essential to consider the privacy risks that accompany this technology. The argument isn’t that safety is less important than privacy or vice versa. It’s about recognizing that privacy itself is a critical part of safety. Compromising it for the sake of security and safety can create new, unintended risks that may ultimately impact not just our children, but adults as well, in ways we don’t yet fully understand.
Parents and caregivers should ask for transparency and accountability from those developing age verification technology. What data is collected? How is it stored, used, and protected? What rights do we have to control or delete that data? By asking these questions and considering the long-term implications of privacy, we can advocate for a digital landscape that respects and protects the safety of our children and their right to privacy. In the end, a balanced, informed approach to digital literacy and internet safety helps us achieve the ultimate goal – a safer, healthier onlife world for our kids. (6)
Digital Food For Thought
The White Hatter
Facts Not Fear, Facts Not Emotion, Enlighten Not Frighten, Know Tech Not No Tech
References: