Yoti iBeta Confirmation of Presentation Attack Detection Level 3

We’ve talked about Levels 1 and 2 of iBeta’s confirmation that particular biometric implementations meet the requirements of ISO 30107-3. But now with Yoti’s confirmation, we can talk about iBeta Level 3.

From iBeta:

“The test method was to apply 1 bona fide subject presentation that alternated with 3 artefact presentations such that the presentation of each species consisted of 150 Presentation Attacks (PAs) and 50 bona fide presentations, or until 56 hours had passed per species. The results were displayed for the tester on the device as “Liveness check: Passed” for a successful attempt or “Liveness check: Failed” for an unsuccessful attempt.

“iBeta was not able to gain a liveness classification with the presentation attacks (PAs) on the Apple iPhone 16 Pro. With 150 PAs for each of 3 species, the total number of attacks was 450, and the overall Attack Presentation Classification Error Rate (APCER) was 0%. The Bona Fide Presentation Classification Error Rate (BPCER) was also calculated and may be found in the final report.

“Yoti Limited’s myface12122025 application and supporting backend components were tested by iBeta to the ISO 30107-3 Biometric Presentation Attack Detection Standard and found to be in compliance with Level 3.”
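The arithmetic behind the quoted figures, as an added example that is not iBeta's or Yoti's code: it rebuilds the 1-to-3 alternating schedule, tallies APCER and BPCER per species from the displayed results, and goes one step beyond the quote by computing an exact one-sided 95% upper bound on the true error rate. The species names and every trial outcome are constructed; the bona fide failures are invented only to exercise the BPCER tally, since the page does not give that figure.

```python
from math import comb

PASSED, FAILED = "Liveness check: Passed", "Liveness check: Failed"

def build_schedule(species, rounds=50, attacks_per_round=3):
    """Per species: 1 bona fide presentation alternating with 3 artefact ones."""
    plan = []
    for sp in species:
        for _ in range(rounds):
            plan.append((sp, "bona_fide"))
            plan.extend((sp, "attack") for _ in range(attacks_per_round))
    return plan

def summarize(trials):
    """trials: (species, kind, displayed_result). Returns rates and attack totals."""
    tally = {}
    for sp, kind, shown in trials:
        t = tally.setdefault(sp, {"attack": [0, 0], "bona_fide": [0, 0]})
        # APCER counts attacks shown as Passed; BPCER counts live subjects shown as Failed.
        wrong = (shown == PASSED) if kind == "attack" else (shown == FAILED)
        t[kind][0] += int(wrong)
        t[kind][1] += 1
    rates = {sp: {"apcer": t["attack"][0] / t["attack"][1],
                  "bpcer": t["bona_fide"][0] / t["bona_fide"][1]}
             for sp, t in tally.items()}
    attack_errors = sum(t["attack"][0] for t in tally.values())
    attack_total = sum(t["attack"][1] for t in tally.values())
    return rates, attack_errors, attack_total

def upper_bound(errors, n, alpha=0.05):
    """Exact (Clopper-Pearson) one-sided upper bound on the true error rate."""
    if errors >= n:
        return 1.0
    def cdf(p):  # P(X <= errors) for X ~ Binomial(n, p)
        return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(errors + 1))
    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection: cdf falls as p rises
        mid = (lo + hi) / 2
        lo, hi = (mid, hi) if cdf(mid) > alpha else (lo, mid)
    return hi

def constructed_run():
    """Constructed outcomes: every attack rejected, every 25th bona fide rejected."""
    trials, bona_seen = [], 0
    for sp, kind in build_schedule(["species_A", "species_B", "species_C"]):
        if kind == "attack":
            shown = FAILED
        else:
            bona_seen += 1
            shown = FAILED if bona_seen % 25 == 0 else PASSED
        trials.append((sp, kind, shown))
    return trials

if __name__ == "__main__":
    rates, errs, total = summarize(constructed_run())
    for sp, r in rates.items():
        print(f"{sp}: APCER={r['apcer']:.1%} BPCER={r['bpcer']:.1%}")
    print(f"pooled APCER={errs / total:.1%} over {total} attacks")
    print(f"95% upper bound, one species (0/150): {upper_bound(0, 150):.2%}")
    print(f"95% upper bound, pooled (0/{total}): {upper_bound(errs, total):.2%}")
```

A 0% observed APCER over 150 attacks per species bounds the true rate at about 2% with 95% confidence; pooling all 450 attacks tightens that to about 0.7%, at the cost of hiding per-species differences.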

More from Yoti itself.

“Yoti’s MyFace is the first passive, single-selfie liveness technology in the world to conform to iBeta’s Level 3 testing under ISO/IEC 30107-3 – their highest level for liveness checks.”

Also see Biometric Update and UK Tech.

After all, facial age estimation is of no meaning whatsoever if the face is fake. So it was important that Yoti receive this confirmation.

Unintended Consequences of Age Assurance…and What Happens Next (VPNs vs. Zero Trust)

More and more jurisdictions are mandating age assurance (either age verification or age estimation) to access online services. Perhaps racy content, perhaps gambling content, or in some cases even plain old social media. But in a technical sense these age assurance mechanisms are a network problem…and you can just route yourself around a problem.

Your jurisdiction doesn’t allow you to visit the Sensuous Wildebeests website? Just install a virtual private network (VPN) to pretend that you’re in a different jurisdiction that allows access.

Problem solved…for now.

But Secrets of Privacy indicates what’s next:

“After the Online Safety Act triggered a 6,000+% surge in VPN usage, the House of Lords tabled an amendment to ban children from using VPNs. Under the proposal, VPN providers would have to verify the age of all UK users. The government has said it will “look very closely” at VPN usage.”

For more information on this proposal, see TechRadar.

And this is just one of many examples of government examination, and perhaps regulation, of VPN use.

But as Secrets of Privacy points out, there’s one big problem. VPN users aren’t only kids trying to dodge the law, or individuals trying to protect their privacy. There’s one very big class of VPN users who would NOT appreciate government regulation.

“VPNs are fundamental to modern business IT, which makes a “ban” hard to envision. Every corporation with remote workers uses them. Diverse industries, such as banking, law, finance, and ecom giants all depend on VPN technology. You can’t ban VPNs without breaking the backbone of modern IT systems.”

Of course, some argue that VPNs are an outmoded security mechanism. Here’s what Fortinet says:

“VPNs were developed when networks were different than they are now. Before the advent of cloud applications, resources were isolated within a secure corporate network perimeter. Now, modern networking infrastructures are being deployed that can quickly adapt and scale to new business requirements, which means applications and data are no longer contained within the corporate data center. Instead they reside across distributed multi-cloud and hybrid data center networks.

“This change has led to a rapid expansion of the attack surface, and in the face of this changing cybersecurity environment, Zero Trust Network Access (ZTNA) has received more attention as an alternative to VPNs for remote access.”

Of course, VPNs will fade away at the same time the password dies…in other words, not any time soon. And while Secrets of Privacy speculates about a two-tier solution in which corporations can use VPNs but individuals cannot…we’ll see.

Do you have trust, or zero trust, that VPNs will be regulated in ALL jurisdictions in the future?

Ask questions.

Roblox Implements Age Estimation

Online games can conceal all sorts of things. For example, back in 2020 a 12 year old allegedly received this message in a chat on the Roblox online platform:

“You’re 12, I expect you to be a little slow on the upbringing, but soon I’ll corrupt you beyond your wildest dreams.”

This chat message wasn’t from another 12 year old, but reportedly from an adult man known in Roblox as “Doc,” with the purported legal name of Jadon Shedletsky. “Doc” was known to have made similar comments publicly, such as self-referencing as “the old man with kids in his basement.”

But “Doc” wasn’t Jadon Shedletsky. He was in reality Arnold Castillo, and several years later was sentenced to 15 years in federal prison after pleading guilty to Transportation of a Minor with Intent to Engage in Criminal Sexual Activity and Coercion and Enticement of a Minor. In addition to Roblox, Castillo used Discord and Instagram to communicate with the girl, and Uber for the “transportation of a minor” part.

Understandably, Roblox and the parents of Roblox’s youthful users don’t want the kids to strike up chats with people like Castillo. So Roblox is limiting chats between young kids and adults.

“[O]ur age check requirement to chat, which launched in select regions in early December, is rolling out globally wherever chat is available. Users in the U.S. and select regions will see in-app prompts asking them to complete an age check to chat with others. Over the next week, these prompts will roll out to all regions where chat is available.”

But how do you enforce such rules when kids normally don’t have identification?

According to Biometric Update, with age estimation.

“Roblox uses facial age estimation (FAE) technology from Persona for its Trusted Connections feature, which requires users to do an age check before they can interact with others on the platform….

“The technology used by our vendor, Persona, has been tested and certified by third-party laboratories. The age estimation models used achieved a Mean Absolute Error of 1.4 years for users younger than 18, based on testing by the Age Check Certification Scheme in the UK.”

There are differences between age verification and age estimation, but there are also times when you can only use one or the other.

As biometric product marketing experts know.

More On The Positive Economic Impact of Age-Controlled Products and Services

The U.S. Census Bureau has provided follow-up information that supplements its earlier report on Native American casinos, which I previously discussed. It turns out that the immigrant populations (you know, people of English and other descents) are cashing in also.

“The national total of state sales tax revenue from sports betting soared 382%, from $190 million in the third quarter of 2021 (when data collection began) to $917 million in the second quarter of 2025, according to the U.S. Census Bureau’s Quarterly Summary of State and Local Tax Revenue (QTAX).

“Sports betting became possible in May 2018 when the U.S. Supreme Court struck down the Professional and Amateur Sports Protection Act. Since then, a majority of states have legalized some form of sports betting; including online, mobile, retail sports betting and pari-mutuels (such as wagers made on horse-racing).

“Sports betting is a growing industry, and the tax revenue it generates helps fund public schools, roads, highways, law enforcement and gambling addiction treatment.”

Read the entire piece here.

Federal Trade Commission Age Verification (and estimation?) Workshop January 28

A dizzying array of federal government agencies is interested in biometric verification and biometric classification, for example by age (either age verification or age estimation). As Biometric Update announced, we can add the Federal Trade Commission (FTC) to the list with an upcoming age verification workshop.

Rejecting age estimation in 2024

The FTC has a history with this, having rejected a proposed age estimation scheme in 2024.

“Re: Request from Entertainment Software Rating Board, Yoti Ltd., Yoti (USA) Inc., and Kids Web Services Ltd. for Commission Approval of Children’s Online Privacy Protection Rule Parental Consent Method (FTC Matter No. P235402)

“This letter is to inform you that the Federal Trade Commission has reviewed your group’s (“the ESRB group”) application for approval of a proposed verifiable parental consent (“VPC”) method under the Children’s Online Privacy Protection Rule (“COPPA” or “the Rule”). At this time, the Commission declines to approve the method, without prejudice to your refiling the application in the future….

“The ESRB group submitted a proposed VPC method for approval on June 2, 2023. The method involves the use of “Privacy-Protective Facial Age Estimation” technology, which analyzes the geometry of a user’s face to confirm that the user is an adult….The Commission received 354 comments regarding the application. Commenters opposed to the application raised concerns about privacy protections, accuracy, and deepfakes. Those in support of the application wrote that the VPC method is similar to those approved previously and that it had sufficient privacy guardrails….

“The Commission is aware that Yoti submitted a facial age estimation model to the National Institute of Standards and Technology (“NIST”) in September 2023, and Yoti has stated that it anticipates that a report reflecting NIST’s evaluation of the model is forthcoming. The Commission expects that this report will materially assist the Commission, and the public, in better understanding age verification technologies and the ESRB group’s application.”

You can see the current NIST age estimation results on NIST’s “Face Analysis Technology Evaluation (FATE) Age Estimation & Verification” page, not only for Yoti, but for many other vendors including my former employers IDEMIA and Incode.

But the FTC rejection was in 2024. Things may be different now.

Revisiting age verification and age estimation in 2026?

The FTC has scheduled an in-person and online age verification workshop on January 28.

  • The in-person event will be at the Constitution Center at 400 7th St SW in Washington DC.
  • Details regarding online attendance will be published on this page in the coming weeks.

“The Age Verification Workshop will bring together a diverse group of stakeholders, including researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss topics including: why age verification matters, age verification and estimation tools, navigating the regulatory contours of age verification, how to deploy age verification more widely, and interplay between age verification technologies and the Children’s Online Privacy Protection Act (COPPA Rule).”

Will the participants reconsider age estimation in light of recent test results?

We Know All About You, Music Lover

This is the week that we celebrate how much companies in Sweden and elsewhere know about us.

Including estimated ages.

Which may or may not (I’m not telling) be as accurate as software that analyzes your face for age estimation.

And the companies gathering the data can then sell it to advertisers and others who use it in all sorts of ways.

It will be interesting to see the corporate messaging that I and other Spotify users will receive over the next few days.

“If you listen to Depeche Mode, perhaps our Medicare plans may interest you.”

The Positive Economic Impact of Age-Controlled Products and Services

When discussing age restricted products and services (the ones that require age verification or age estimation), the discussion often focuses on the negative aspects of these products or services. After all, they are age restricted for a reason: you don’t want a five year old smoking marijuana or playing poker.

But as the providers of age restricted items will remind you, they also provide a positive impact to the community.

And sometimes the government also joins in the chorus of praise.

Here’s what the U.S. Census Bureau says about Native American casinos:

“The expansion of tribal casinos that began in the 1990s helped improve economic conditions faster for American Indians relative to the U.S. population as a whole, according to joint U.S. Census Bureau and university research, though there is still progress to be made: the American Indian poverty rate was 19.6% in 2024, greater than that year’s national average of 12.1%, according to Census Bureau data….

“American Indians living on reservation lands (regardless of the presence of a casino or cash transfer program) saw a 46.5% rise in real per capita income compared to 7.8% for the United States as a whole.”

Read the entire article here.

When Prospects Ask Technical Marketers the Tough Questions

Some technical marketers are expert at spinning soft fluffy stories about how their AI-powered toilet paper can cure cancer…which can be very persuasive as long as the prospects don’t ask any questions.

  • For example, let’s say you’re telling a Chick-fil-A in Kettering, Ohio that you’ll keep 17 year olds out of their restaurant. Are you ready when the prospect asks, “How do you KNOW that the person without ID is 17 years and 359 days old, and is not 18?”
  • Or let’s say you’re telling a state voter agency that you’ll enforce voter ID laws. Are you ready when the prospect asks, “How do you KNOW that the voter ID is real and not fake? Or that it is fake and not real?”

Be prepared to answer the tough questions. Expert testimonials. Independent assessments of your product’s accuracy. Customer case studies.

Analyze your product’s weaknesses. (And the threats, if you’re a SWOT groupie.)

And call in the expert help.

Age Assurance Moves to Fast Food at a Chick-fil-A in Kettering, Ohio

How old are you? The question that’s been asked at bars, pornography sites, and social media sites is now being asked at…a fast food restaurant in Kettering, Ohio.

I’ve talked about age assurance, age verification, and age estimation in a variety of use cases, including:

  • alcohol
  • tobacco
  • firearms
  • cannabis
  • driver’s licenses
  • gambling
  • “mature” adult content
  • car rentals
  • social media access

But what about fast food?

Anti-teen dining policies are nothing new, but this particular one is getting national attention.

The Kettering Chick-fil-A Teen Chaperone Policy

The Chick-fil-A in Kettering, Ohio (which apparently is a franchise and not company owned) posted the following last week:

“With school starting, we wanted to make sure that everyone is aware of our Teen Chaperone Policy. We are grateful for your support and want to make sure Chick-fil-A Kettering is a safe and enjoyable place for everyone! Thank you so much!”

From the Chick-fil-A Kettering Facebook page.

Chick-fil-A Kettering Teen Chaperone Policy

To ensure a safe and respectful environment for all guests:

Guests 17 and under must be accompanied by a parent, guardian, or adult chaperone (age 21+) to dine in.

Unaccompanied minors may be asked to leave.

Thank you for helping us keep Chick-fil-A family-friendly!

Chick-fil-A Kettering

For the moment let’s admit that the Chick-fil-A worker (who may or may not be 17 years old themselves) tasked with enforcing the rule will probably just eyeball the person and decide if they’re old enough.

And let’s also ignore the business ramifications of this franchise’s actions, not only for the franchise location itself, but for all Chick-fil-A restaurants, including those who welcome people of all ages at all times.

Brick-and-mortar, underage

But there are some ramifications I want to address now.

This is definitely a brand new use case unlike the others, both because

  • it affects a brick-and-mortar establishment (not a virtual one), and
  • it affects people under the age of 18 whose ages are difficult to authenticate.

The last point is a big one I’ve addressed before. People under the age of 18 may not have a driver’s license or any valid government ID that proves their age. And if I’m a kid and walking to the Chick-fil-A, I’m not taking my passport with me.

In a way that’s precisely the point, and the lack of a government ID may be enough to keep the kids out…except that people over the age of 18 may not have a driver’s license either, and thus may be thrown out unjustly.

Enforcing a business-only rule without government backing

In addition, unlike alcohol or cannabis laws, there are very few laws that can be used to enforce this. Yes, there are curfew laws at night, and laws that affect kids during school hours, but this franchise’s regulation affects the establishment 24 hours a day (Sundays excluded, of course).

So Chick-fil-A Kettering is on its own regarding the enforcement of its new rule.

Unless Kettering modifies its municipal code to put the rule of law behind this rule and force ALL fast food establishments to enforce it.

And then what’s next? Enforcement at the Kettering equivalent of James Games?

Oh, Joel (Texas Porn and Georgia Social Media)

The definitive summary on U.S. age assurance for adult content and social media as of today (June 27, 2025) has already been written at Biometric Update.

And I confess that if I were Joel R. McConvey, I would have been unable to resist the overpowering temptation to dip my pen in the inkwell and write the following sentence:

“But as age checks become law in more and more places, the industry will have to weigh how far it can push – or pull out.”

But McConvey’s article does not just cover the Supreme Court’s decision on Texas HB 1181’s age verification requirement for porn websites—and Justice Clarence Thomas’ statement in the majority opinion that the act “triggers, and survives, review under intermediate scrutiny because it only incidentally burdens the protected speech of adults.”

What about social media?

The Biometric Update article also notes that a separate case regarding age assurance for social media use is still winding its way through the courts. The article quotes U.S. District Judge Amy Totenberg’s ruling on Georgia SB 351:

“[T]he act curbs the speech rights of Georgia’s youth while imposing an immense, potentially intrusive burden on all Georgians who wish to engage in the most central computerized public fora of the twenty-first century. This cannot comport with the free flow of information the First Amendment protects.”

One important distinction: while opposition to pornography is primarily (albeit not exclusively) from the right of the U.S. political spectrum, opposition to social media is more broad-based. So social media restrictions are less of a party issue.

But returning to law rather than politics, one can objectively (or most likely subjectively) debate the Constitutional merits of naked people having sex vs. AI fakes of reunions of the living members of Led Zeppelin, the latter of which seem to be the trend on Facebook these days.

Minority Report

But streaking back to Texas, what of the minority opinion of the three Supreme Court Justices who dissented in the 6-3 opinion? According to The Texas Tribune, Justice Elena Kagan spoke for Justices Sonia Sotomayor and Ketanji Brown Jackson:

“But what if Texas could do better — what if Texas could achieve its interest without so interfering with adults’ constitutionally protected rights in viewing the speech HB 1181 covers? The State should be foreclosed from restricting adults’ access to protected speech if that is not in fact necessary.”

If you assume age verification (which uses a government backed ID) rather than age estimation (which does not), the question of whether identity verification (even without document retention) is “restricting” is a muddy one.

Of course all these issues have little to do with the technology itself, reminding us that technology is only a small part of any solution.