
The UK

Beginning last week, the United Kingdom has started requiring purveyors of online porn to check IDs—and it's already reverberating beyond adult websites. For example, Bluesky—a general-interest social media platform and not what most people would call an "adult website" by any means—will begin requiring U.K. users to prove they're adults or otherwise find direct messaging and certain content inaccessible.
In addition to Bluesky, Reddit, X, Discord, and Grindr "have now announced they will deploy age assurance" schemes, Ofcom says.
Per Ofcom's rules, there are various ways that age checks can be done, including checking users' government-issued IDs, employing some sort of online ID verification service, or utilizing bank, credit card, or phone information.

It Will Happen Here

If you're in the U.S. and thinking, "What does this have to do with me?" Well, consider the U.K. a glimpse into our inevitable surveillance-mad future. At least 20 states[1] have already passed rules requiring age verification for adult content. And I think we can expect most, if not all, states to follow suit now that the Supreme Court has given it the OK[2].
But sex work is always the canary in the coal mine for free speech and privacy, and age-check requirements aren't stopping with online porn. Already, some states are passing laws that necessitate social media platforms checking IDs or otherwise verifying user ages. A federal appeals court recently[3] gave the green light to Mississippi[4] to start enforcing a social media age verification law.

A Global Attack on Anonymity and Privacy

"Around the world, a new wave of child protection laws are forcing a profound shift that could normalize rigorous age checks broadly across the web," note Matt Burgess and Lily Hay Newman at Wired[5]. They point out that "Meanwhile, courts in France ruled last week that porn sites can check users' ages. Ireland implemented age checking laws for video websites this week. The European Commission is testing an age-verification app. And in December, Australia's strict social media ban for children under 16 will take effect, introducing checks for social media and people logged in to search engines."
The age of online anonymity being possible is rapidly vanishing. In its place, we get dubious "protection" measures that can be easily gamed by motivated parties, may send people to less regulated and less responsible platforms, put adults and children alike at risk of identity theft and other security violations, and make it much easier for authorities around the world to keep tabs on their citizens.

Despite the fact that laws like the one in TX (#1037208) technically allow for ZKP verification, we're not seeing this in practice. And in other jurisdictions like the UK and the EU there is much less room for this, if at all.
Can we deploy ZKP today at the scale needed to prevent the massive identity leaks of the years to come? If not yet, what's the bottleneck?

Footnotes

  1. In April, 2025
155 sats \ 7 replies \ @Scoresby 19h
The age-verified internet is a kyc'd internet.
Just as mixers are now considered criminal enterprises only used by evil people, vpns will be considered "identity launderers" and the people who use them will be criminals.
reply
Welp. Guess I'm going to be non-compliant with 2/2 then.
reply
100 sats \ 5 replies \ @Scoresby 19h
Maybe it will actually lead to a much stronger offshore VPN industry like banking. Or something like flag of convenience identities.
reply
The most comprehensive review of Google's longfellow-zk implementation I mentioned on your thread earlier this month would be https://news.dyne.org/longfellow-zero-knowledge-google-zk/ [1]
It basically allows you to zero-knowledge prove your age if you are in possession of a digital ID in MDOC format, signed by an authority - like your state government.
I think the main issue here is that all these states that are pushing this, including the European ones, do not yet have the tech deployed to make the ID-side real, not even the standardized digital ID without the ZKP, but are restricting these sites early to score points. (i.e. make the current thing real to get re-elected.)
It's an extreme disservice to the public, but the public won't know until they find out about all the defaulted mortgages in their name and then they gotta pay up.
s Is the hardworking individual too big to fail too? /s

Footnotes

  1. The author is a fellow cypherpunk frequently seen at freedomtech / privacy conferences and the current lead of the W3C Security IG
reply
100 sats \ 3 replies \ @Scoresby 18h
Do you think states like those in the US or in EU are capable of implementing digital ID systems without massive failures (leaks, rampant identity theft, abuses by people who gain access to databases, etc)?
reply
As someone that has actually designed and provisioned massive secure cryptographic systems irl that you're likely to have used many times in your life... Sure!
They just need good help but their RFP process is going to make them get cheap help and that's why they always fuck up.
105 sats \ 5 replies \ @NodeR1der 7h
The danger isn't just the enforcement — it's the normalization. Once the majority accepts that proof-of-identity is a prerequisite for speech, access, or finance, the infrastructure will be too embedded to resist. ZKPs like longfellow-zk are promising, but only if implemented outside of state-controlled digital ID frameworks. Otherwise, we’re just trading surveillance for more elegant surveillance. The cypherpunk path forward is self-issued credentials, selective disclosure, and protocols that don’t care who you are — only what you can prove.
reply
> [..] the infrastructure will be too embedded to resist.
I find this to be already the case. Identification is something for interaction between individuals and governments; this ID is government issued, just like your SN userid is issued by SN. Federation is an anti-pattern (even on SN) except maybe with true ad-hoc "identities" like nostr keys. Everything that lifts off of federated identification by design is problematic, from banks, to websites, to p2p transactions.
A buddy told me that in the EU you (per 2026?) need to KYC a p2p cash transaction over a certain amount - like $3000 or so? That's insane. Governments have no business in transactions between 2 individuals.
> The cypherpunk path forward is self-issued credentials, selective disclosure, and protocols that don’t care who you are — only what you can prove.
Agreed in vision, though practically I wonder: how would a service provider get sufficient certainty that they aren't breaking these awful laws from a self-issued credential? "I identify as a 24yo horny killer whale"
reply
105 sats \ 3 replies \ @NodeR1der 5h
You're right that, in practice, the net of compliance is already all around us — and tightening. But conceding that service providers must always pre-emptively align with the most paranoid interpretation of the law is what cements this trap. It’s the normalization of this posture — not just the regulation — that kills freedom. Self-issued credentials aren't magic; they’re leverage. They allow people to present proofs without revealing identity. That means the question shifts from “Who are you?” to “Can you prove you meet this requirement?” If a law mandates age verification, for example, then a ZKP-based attestation that you’re over 18 should suffice — without revealing your name, face, or full dossier. The current system chooses not to accept this, not because it’s insufficient, but because identity harvesting is the real goal.
reply
> conceding that service providers must always pre-emptively align with the most paranoid interpretation of the law is what cements this trap. It’s the normalization of this posture - not just the regulation - that kills freedom.
Without commenting on desirability, because I'm confident we agree, doesn't this get fueled by governments litigating said corporations like there is no tomorrow? This is not just the UK but they're perhaps the most active in this globally, even more than the EU.
So I'm not saying they must, but I'm saying that most are in no position to disobey. Can't expect a publicly traded company to value principles over revenue. Remember Google never giving up on censorship? That held a year?
reply
105 sats \ 1 reply \ @NodeR1der 5h
You're absolutely right — and yes, we're on the same page.
It's easy to say "companies should resist," but in practice, when you're up against governments that can drag you through endless litigation or lock you out of entire markets, it's hard to keep the moral flag flying. Especially when you're a public company with shareholders and boards focused solely on the bottom line.
The Google example really drives it home. Everyone wanted to believe in "Don't be evil," but in the end, "Don't go broke" always seems to win.
So yeah — it's not that they must, it's that they often can't do otherwise. And that is exactly the problem.
reply
I'm still of the opinion that Bitcoin can fix this, if we want it to.
ZKP solutions have been pitched endlessly to politicians. It falls on deaf ears because this was never about "protecting children", but silencing citizen dissent.
reply
> ZKP solutions have been pitched endlessly to politicians.
Yes, and Google did actual effort to implement it. Though if I remember the Google Wallet architecture correctly, I suspect that Google conveniently upgraded themselves to be part of the trusted parties (issuer + goog, instead of just issuer) - I have to investigate further to be sure though, so take this assessment with a grain of salt.
Either way, the ZKP is a damage control measure, not a fundamental fix.
reply
149 sats \ 0 replies \ @ek 17h
lol, apparently you can just submit a fake ID of your MP via use-their-id.com:
> Hi HN - I made a site that takes a UK postcode, grabs the local MP's information and generates an AI mockup of what their ID might look like.
> It's a small, silly protest at the stupidity of the Online Safety Act that just came into force. The IDs actually work (for Reddit, Discord etc.) which highlights how terrible this implementation is.
reply
200 sats \ 3 replies \ @ek 17h
Connected to a Mullvad server in London and visited a nsfw subreddit:
Just entering a fake birthday is not enough, it actually requires verification:
I also can't change my fake birthday anymore ¯\_(ツ)_/¯
reply
Estimate age from selfie
I guess there's a deepfake challenge right there :-)
PS: all my mullvad VPN endpoints get blocked by Reddit normally.. do they stop doing that now? Would be cool :-)
reply
100 sats \ 1 reply \ @ek 17h
I was logged in
reply
Oh! Yeah... I don't do that.
reply
The same techniques for surveillance that China has in place, are coming disguised as good intentions to the West.
UK is already a basket case of surveillance against the people.
America must oppose this wholeheartedly, fortunately I do not see it moving forward, but it must be consistently opposed in every nation or the surveillance state and Internet KYC becomes law.
reply
> fortunately I do not see it moving forward
From what I understand it's already law in MS and "NetChoice" (Goog, Meta, Snap) lost their challenge in federal appeals court? What does "moving forward" look like if not that?
reply
100 sats \ 1 reply \ @LAXITIVA 14h
Omg I hate this not that anyone would want to steal my identity but that sounds sketchy af
reply
Why not? Just like with MBS, you're just one entry in the package of average rating AA- identities.
reply