Unintended Consequences of Age Assurance…and What Happens Next (VPNs vs. Zero Trust)

More and more jurisdictions are mandating age assurance (either age verification or age estimation) to access online services. Perhaps racy content, perhaps gambling content, or in some cases even plain old social media. But in a technical sense these age assurance mechanisms are a network problem…and you can just route yourself around a problem.

Your jurisdiction doesn’t allow you to visit the Sensuous Wildebeests website? Just install a virtual private network (VPN) to pretend that you’re in a different jurisdiction that allows access.

Problem solved…for now.

But Secrets of Privacy indicates what’s next:

“After the Online Safety Act triggered a 6,000+% surge in VPN usage, the House of Lords tabled an amendment to ban children from using VPNs. Under the proposal, VPN providers would have to verify the age of all UK users. The government has said it will “look very closely” at VPN usage.”

For more information on this proposal, see TechRadar.

And this is just one of many examples of government examination, and perhaps regulation, of VPN use.

But as Secrets of Privacy points out, there’s one big problem. VPN users aren’t only kids trying to dodge the law, or individuals trying to protect their privacy. There’s one very big class of VPN users who would NOT appreciate government regulation.

“VPNs are fundamental to modern business IT, which makes a “ban” hard to envision. Every corporation with remote workers uses them. Diverse industries, such as banking, law, finance, and ecom giants all depend on VPN technology. You can’t ban VPNs without breaking the backbone of modern IT systems.”

Of course, some argue that VPNs are an outmoded security mechanism. Here’s what Fortinet says:

“VPNs were developed when networks were different than they are now. Before the advent of cloud applications, resources were isolated within a secure corporate network perimeter. Now, modern networking infrastructures are being deployed that can quickly adapt and scale to new business requirements, which means applications and data are no longer contained within the corporate data center. Instead they reside across distributed multi-cloud and hybrid data center networks.

“This change has led to a rapid expansion of the attack surface, and in the face of this changing cybersecurity environment, Zero Trust Network Access (ZTNA) has received more attention as an alternative to VPNs for remote access.”

Of course, VPNs will fade away at the same time the password dies…in other words, not any time soon. And while Secrets of Privacy speculates about a two-tier solution in which corporations can use VPNs but individuals cannot…we’ll see.

Do you have trust, or zero trust, that VPNs will be regulated in ALL jurisdictions in the future?

Ask questions.

Surfin’ Identity

Imagine if Capitol Records employed age verification in 1963.

Some musicians reach superstardom in their early 20s, feeling tremendous pressure at a young age. 

But sometimes they’re younger: when “Surfin’ U.S.A.” hit number 3 on Billboard and Cash Box, surf guitarists Carl Wilson and (soon to depart) David Marks were 16 and 14, respectively.

Of course, Capitol Records would face a bigger problem—Know Your Composer. Brian Wilson did not write the song alone.

Kalshi, Polymarket, DraftKings, FanDuel, and Gambling Legality

(Bredebot helped write small parts of this post.)

Is it only smartphone game app users who are inundated with an unrelenting barrage of Kalshi ads?

If nothing else, the barrage inspired me to research Designated Contract Markets (DCMs). A DCM is a status granted and regulated by the Commodity Futures Trading Commission (CFTC), a federal agency. As such, Kalshi argues that it is exempt from state gaming regulations because it’s not hosting gambling. It’s hosting futures trading.

But Kalshi and similar apps such as Polymarket are opposed by DraftKings, FanDuel, and other sports betting apps. They make no pretense of “trading futures,” but comply with state-level gambling regulations, and use geolocation to prohibit mobile sports betting in states such as California where it is illegal.

And both are opposed by Native American casinos governed by the Indian Gaming Regulatory Act (IGRA) of 1988, which allows sovereign tribal nations to host traditional Indian games.

And they are opposed by other card houses, racetracks, bingo games, and state sponsored lotteries.

And all are opposed by the traditional Las Vegas casinos…except when they themselves host mobile apps and strike licensing deals with Native American casinos.

But the mobile app variants not only deal with geolocation, but also digital identity verification and age verification. 

And employment verification or non-verification to ensure that football players aren’t betting on football games.

Plus authentication to open the app and ensure Little Jimmy doesn’t open it.

There are all sorts of gaming identity stories…and Bredemarket can help identity/biometric marketers tell them.

More On The Positive Economic Impact of Age-Controlled Products and Services

The U.S. Census Bureau has provided follow-up information that supplements its earlier report on Native American casinos, which I previously discussed. It turns out that the immigrant populations (you know, people of English and other descents) are cashing in also.

“The national total of state sales tax revenue from sports betting soared 382%, from $190 million in the third quarter of 2021 (when data collection began) to $917 million in the second quarter of 2025, according to the U.S. Census Bureau’s Quarterly Summary of State and Local Tax Revenue (QTAX).

“Sports betting became possible in May 2018 when the U.S. Supreme Court struck down the Professional and Amateur Sports Protection Act. Since then, a majority of states have legalized some form of sports betting; including online, mobile, retail sports betting and pari-mutuels (such as wagers made on horse-racing).

“Sports betting is a growing industry, and the tax revenue it generates helps fund public schools, roads, highways, law enforcement and gambling addiction treatment.”

Read the entire piece here.

Federal Trade Commission Age Verification (and estimation?) Workshop January 28

A dizzying array of federal government agencies is interested in biometric verification and biometric classification, for example by age (either age verification or age estimation). As Biometric Update announced, we can add the Federal Trade Commission (FTC) to the list with an upcoming age verification workshop.

Rejecting age estimation in 2024

The FTC has a history with this, having rejected a proposed age estimation scheme in 2024.

“Re: Request from Entertainment Software Rating Board, Yoti Ltd., Yoti (USA) Inc., and Kids Web Services Ltd. for Commission Approval of Children’s Online Privacy Protection Rule Parental Consent Method (FTC Matter No. P235402)

“This letter is to inform you that the Federal Trade Commission has reviewed your group’s (“the ESRB group”) application for approval of a proposed verifiable parental consent (“VPC”) method under the Children’s Online Privacy Protection Rule (“COPPA” or “the Rule”). At this time, the Commission declines to approve the method, without prejudice to your refiling the application in the future….

“The ESRB group submitted a proposed VPC method for approval on June 2, 2023. The method involves the use of “Privacy-Protective Facial Age Estimation” technology, which analyzes the geometry of a user’s face to confirm that the user is an adult….The Commission received 354 comments regarding the application. Commenters opposed to the application raised concerns about privacy protections, accuracy, and deepfakes. Those in support of the application wrote that the VPC method is similar to those approved previously and that it had sufficient privacy guardrails….

“The Commission is aware that Yoti submitted a facial age estimation model to the National Institute of Standards and Technology (“NIST”) in September 2023, and Yoti has stated that it anticipates that a report reflecting NIST’s evaluation of the model is forthcoming. The Commission expects that this report will materially assist the Commission, and the public, in better understanding age verification technologies and the ESRB group’s application.”

You can see the current NIST age estimation results on NIST’s “Face Analysis Technology Evaluation (FATE) Age Estimation & Verification” page, not only for Yoti, but for many other vendors including my former employers IDEMIA and Incode.

But the FTC rejection was in 2024. Things may be different now.

Revisiting age verification and age estimation in 2026?

The FTC has scheduled an in-person and online age verification workshop on January 28.

  • The in-person event will be at the Constitution Center at 400 7th St SW in Washington DC.
  • Details regarding online attendance will be published on this page in the coming weeks.

“The Age Verification Workshop will bring together a diverse group of stakeholders, including researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss topics including: why age verification matters, age verification and estimation tools, navigating the regulatory contours of age verification, how to deploy age verification more widely, and interplay between age verification technologies and the Children’s Online Privacy Protection Act (COPPA Rule).”

Will the participants reconsider age estimation in light of recent test results?

The Positive Economic Impact of Age-Controlled Products and Services

When discussing age restricted products and services (the ones that require age verification or age estimation), the discussion often focuses on the negative aspects of these products or services. After all, they are age restricted for a reason: you don’t want a five year old smoking marijuana or playing poker.

But as the providers of age restricted items will remind you, they also provide a positive impact to the community.

And sometimes the government also joins in the chorus of praise.

Here’s what the U.S. Census Bureau says about Native American casinos:

“The expansion of tribal casinos that began in the 1990s helped improve economic conditions faster for American Indians relative to the U.S. population as a whole, according to joint U.S. Census Bureau and university research, though there is still progress to be made: the American Indian poverty rate was 19.6% in 2024, greater than that year’s national average of 12.1%, according to Census Bureau data….

“American Indians living on reservation lands (regardless of the presence of a casino or cash transfer program) saw a 46.5% rise in real per capita income compared to 7.8% for the United States as a whole.”

Read the entire article here.

When Prospects Ask Technical Marketers the Tough Questions

Some technical marketers are expert at spinning soft fluffy stories about how their AI-powered toilet paper can cure cancer…which can be very persuasive as long as the prospects don’t ask any questions.

  • For example, let’s say you’re telling a Chick-fil-A in Kettering, Ohio that you’ll keep 17 year olds out of their restaurant. Are you ready when the prospect asks, “How do you KNOW that the person without ID is 17 years and 359 days old, and is not 18?”
  • Or let’s say you’re telling a state voter agency that you’ll enforce voter ID laws. Are you ready when the prospect asks, “How do you KNOW that the voter ID is real and not fake? Or that it is fake and not real?”

Be prepared to answer the tough questions. Expert testimonials. Independent assessments of your product’s accuracy. Customer case studies.

Analyze your product’s weaknesses. (And the threats, if you’re a SWOT groupie.)

And call in the expert help.

Age Assurance Moves to Fast Food at a Chick-fil-A in Kettering, Ohio

How old are you? The question that’s been asked at bars, pornography sites, and social media sites is now being asked at…a fast food restaurant in Kettering, Ohio.

I’ve talked about age assurance, age verification, and age estimation in a variety of use cases, including:

  • alcohol
  • tobacco
  • firearms
  • cannabis
  • driver’s licenses
  • gambling
  • “mature” adult content
  • car rentals
  • social media access

But what about fast food?

Anti-teen dining policies are nothing new, but this particular one is getting national attention.

The Kettering Chick-fil-A Teen Chaperone Policy

The Chick-fil-A in Kettering, Ohio (which apparently is a franchise and not company owned) posted the following last week:

“With school starting, we wanted to make sure that everyone is aware of our Teen Chaperone Policy. We are grateful for your support and want to make sure Chick-fil-A Kettering is a safe and enjoyable place for everyone! Thank you so much!”

From the Chick-fil-A Kettering Facebook page.

Chick-fil-A Kettering Teen Chaperone Policy

To ensure a safe and respectful environment for all guests:

Guests 17 and under must be accompanied by a parent, guardian, or adult chaperone (age 21+) to dine in.

Unaccompanied minors may be asked to leave.

Thank you for helping us keep Chick-fil-A family-friendly!

Chick-fil-A Kettering

For the moment let’s admit that the Chick-fil-A worker (who may or may not be 17 years old themselves) tasked with enforcing the rule will probably just eyeball the person and decide if they’re old enough.

And let’s also ignore the business ramifications of this franchise’s actions, not only for the franchise location itself, but for all Chick-fil-A restaurants, including those who welcome people of all ages at all times.

Brick-and-mortar, underage

But there are some ramifications I want to address now.

This is definitely a brand new use case unlike the others, both because

  • it affects a brick-and-mortar establishment (not a virtual one), and
  • it affects people under the age of 18 whose ages are difficult to authenticate.

The last point is a big one I’ve addressed before. People under the age of 18 may not have a driver’s license or any valid government ID that proves their age. And if I’m a kid and walking to the Chick-fil-A, I’m not taking my passport with me.

In a way that’s precisely the point, and the lack of a government ID may be enough to keep the kids out…except that people over the age of 18 may not have a driver’s license either, and thus may be thrown out unjustly.

Enforcing a business-only rule without government backing

In addition, unlike alcohol or cannabis laws, there are very few laws that can be used to enforce this. Yes, there are curfew laws at night, and laws that affect kids during school hours, but this franchise’s regulation affects the establishment 24 hours a day (Sundays excluded, of course).

So Chick-fil-A Kettering is on its own regarding the enforcement of its new rule.

Unless Kettering modifies its municipal code to put the rule of law behind this rule and force ALL fast food establishments to enforce it.

And then what’s next? Enforcement at the Kettering equivalent of James Games?