Those Austrians who are concerned about their personal data they provide for the purpose of age verification leaking are overreacting. There is no reason to worry.

That's because a subsidiary of the Austrian Broadcasting Corporation (#ORF) already leaked every single Austrian's birthdate a few years ago, so your data is already out there. The Austrian data protection agency stated that that company "did everything right“, and there were no repercussions.

Announced earlier this month, the goal of Ike Tech is to use biometric data and blockchain as security for age-verification measures built directly into the cartridge of a disposable vape.

The lasting damage was knowing it could happen at all: that a single contributor with no stated organizational backing could submit compliance infrastructure for surveillance law directly into the software that boots your computer, get it merged by two Microsoft employees, and have the creator of systemd personally block the removal.

The systemd PR was merged by Luca Boccassi, a systemd maintainer who works for Microsoft. Lennart Poettering, the creator of systemd who spent years at Red Hat before joining Microsoft in 2022, had just left Microsoft to found a new startup weeks before the merge, but he has remained active in systemd development.

The most powerful gatekeeper for the init system that boots most Linux machines is employed by a company with significant commercial interest in OS-level identity infrastructure becoming normalized. He let the PR through.

„Ich begrüße, dass der EU-Gipfel das digitale Mindestalter für soziale Medien klar auf die Agenda gesetzt hat und den DSA als geeignetes Instrument sieht und stärken will“, reagierte Digitalisierungsstaatssekretär Alexander Pröll (ÖVP). „Aber Kinder und Jugendliche brauchen jetzt Schutz - nicht irgendwann. Österreich wird daher eine nationale Lösung vorantreiben und parallel auf europäischer Ebene weiter Druck machen. Wir können und wollen nicht länger warten.“

The group of computer scientists from around the world cautions that "those deciding which age-based controls need to exist, and those enforcing them gain a tremendous influence on what content is accessible to whom on the internet." They add that "this influence could be used to censor information and prevent users from accessing services."

"Regulating the use of VPNs, or subjecting their use to age assurance controls, will decrease the capability of users to defend their privacy online. This will not only force regular users to leave a larger footprint on the network, but will leave a number of at-risk populations unprotected, such as journalists, activists, or domestic abuse victims." It continues: "We note that we do not believe that trying to regulate VPN use for non-compliant users would be any more effective than trying to forbid the use of end-to-end encrypted communication for criminals. Secure cryptography is widely available and can no longer be put back into a box."

"If minors or adults are deplatformed via age-related bans, they are likely to migrate to find similar services," warn the scientists. "Since the main platforms would all be regulated, it is likely that they would migrate to fringe sites that escape regulation." With data on everyone collected in order to restrict the activites of minors, data abuses and privacy risks increase. "This in itself increases privacy risks, with data being potentially abused by the provider itself or its subcontractors, or third parties that get access to it, e.g., after a data breach, like the 70K users that had their government ID photos leaked after appealing age assessment errors on Discord."

Instead of mandated age restrictions, the letter urges lawmakers to consider the dangers and suggest regulating social media algorithms instead. They also recommend "support for parents to locally prevent access to non-age-appropriate content or apps, without age-based control needing to be implemented by service providers."

Age verification is a reality on a growing number of social media platforms, requiring an ID or facial scan for full access to everything from YouTube to Roblox. The age-gating wave is coming along with calls for stronger child safety measures online, despite concerns about privacy, security, and censorship.

In the US, lawmakers are pushing forward bills like the App Store Accountability Act and Parents Over Platforms Act to have app stores themselves verify users’ ages.

Discord has delayed plans to roll out age verification globally after user backlash until later in 2026, but it hasn’t completely shelved them, even after a breach of a former vendor last year that leaked some users’ scanned IDs. Meanwhile, other platforms, like ChatGPT and Google, are applying AI models to identify and lock down accounts suspected of being underage until some form of identity verification can prove the user is an adult.

Peter Thiel, co-founder of surveillance and data analytics company Palantir, is a major investor in Persona – the age verification provider used by major platforms including Reddit and Discord.

Thiel’s venture capital firm, Founders Fund, led Persona’s $150 million Series C funding round and $200 million Series D funding round, backing the rapid expansion of the US-based identity verification company.

„Social-Media-Verbote klingen nach einer einfachen Lösung für komplexe Probleme, doch sie schützen junge Menschen nicht vor den Gefahren im Netz, sie verschieben sie lediglich“, erklärt Anne-Mieke Bremer. „Der digitale Raum ist längst ein Bestandteil unserer Gesellschaft und der Lebensrealität von Kindern und Jugendlichen, wie für Erwachsene. Wer Kinder und Jugendliche davon abschirmt, nimmt ihnen die Chance, unter Begleitung einen verantwortungsbewussten Umgang mit Medien zu erlernen.“

At the heart of the controversy is a major change to Discord’s age verification process. Originally, the company explicitly assured users that video selfies submitted for facial age estimation would “never leave a user’s device.”

However, according to Eurogamer, British users have recently discovered a quiet update to the platform’s FAQ. It reveals that some may now be funnelled through a different vendor, Persona, where verification data will actually leave the phone.

Under this new “experiment,” the selfie and identification information provided by UK users will be temporarily stored on Persona’s servers for up to seven days before deletion. While Discord maintains that “all details are blurred except your photo and date of birth,” the shift from on-device processing to cloud storage represents a significant departure from previous privacy guarantees.

Das Social-Media-Verbot für unter 16-Jährige in Australien wird umgangen und macht weniger regulierte Plattformen wie 4chan attraktiver.