Tag Archives: age verification

I Like Wildebeests. 4Chan Likes Hamsters. But There Are Serious Jurisdictional Issues Involved.

In a recent article, Biometric Update’s Joel R. McConvey manages to be silly and serious simultaneously. The topic? 4Chan’s non-compliance with Ofcom’s age control rules.

The silliness originated with 4Chan, not McConvey.

“In keeping with its generally adversarial stance, 4chan says it won’t follow Ofcom’s rules because “the United Kingdom lost the American Revolutionary War,” and as such UK speech law doesn’t apply to companies based in the U.S.”

Preston Byrne of 4Chan apparently incorporated a picture of a hamster in his response to Ofcom. Byrne explains why on X:

“I told Ofcom in Oct that their letters, which were not properly served, would be shredded for my pet hamster’s enclosure.”

But there are obviously serious issues involved: in a dispute involving multiple nations, which laws govern? In this case, the apparent conflicting laws are the United States’ First Amendment, which 4Chan maintains lets it say whatever it wants regardless of the ages of the people involved, and the United Kingdom’s Ofcom regulations, which Ofcom maintains lets it regulate any website accessible in the UK, including 4Chan.

Of course, there’s a way to handle these demands from competing jurisdictions: block the age-insistent jurisdiction from accessing the website at all. As of November 28, 2025, Pornhub is inaccessible from the following states (unless you use a VPN, wink, wink): Alabama, Arizona, Arkansas, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Mississippi, Missouri, Montana, Nebraska, North Carolina, North Dakota, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, and Wyoming.

So 4Chan, Wikipedia, Meta, or anyone else who objects to UK age assurance regulations could simply block people in the UK from accessing its website. Google blocked Spanish access to Google Noticias (Google News) for years.

But it doesn’t appear that 4Chan is going to do that, instead opting for a “come over here and collect your stupid fines” stance.

Knowledge of Age Without Birthdate Does Not Provide Complete Privacy

In the past, I have gone on ad nauseam about how mobile driver’s licenses are more private than physical driver’s licenses. Here is how I stated it in July 2024:

“When you hand your physical driver’s license over to a sleazy bartender, they find out EVERYTHING about you, including your name, your birthdate, your driver’s license number, and even where you live.

“When you use a digital mobile driver’s license, bartenders ONLY learn what they NEED to know—that you are over 21.”

Which is extremely limited information.

But some age verification systems may provide your age in years, without necessarily revealing your exact date of birth.

That single number—whether it is 17, 27, or 57—reveals a lot more than we realize.

Let’s say that we know that Jill is 57 years old. This means that she was born in either 1968 or 1969. If Jill has lived her entire life in the United States, we immediately know several things about her with some certainty.

  • First, we know that she is part of Generation X, which means she may exhibit skepticism rather than corporate loyalty, and a comfort level with email rather than Telegram or what we now refer to as “voice calls.”
  • Second, we know the types of experiences she probably had in her childhood and teenage years. She probably played with Star Wars toys as a kid. She knew a little bit about Billy Carter, the funny Presidential brother. She feared for the lives of the hostages in Iran.
  • Third, we know the types of experiences she didn’t have. She never saw a cigarette commercial on TV. If she watched Star Trek, she saw it on an “independent” station, not on NBC during prime time. She never feared for the lives of the Israeli Olympians in Munich.

It’s not a lot to go on, and it may not be 100% accurate if Jill grew up in a household that viewed television as demonic.

But it’s enough for a product marketer to shape age-sensitive product marketing.

This isn’t true for all products. Biometric system marketing, for example, isn’t affected by the age of the government procurement officer who is buying the biometric system.

But if your product appeals to some ages more than others, knowing the ideal age of your target audience personas shapes your content. If your target audience is just out of college, “I can’t believe I ate the whole thing” is meaningless to them.

Why Did Apple Implement iPhone/iPad Age Verification in the United Kingdom?

There has been ongoing debate on whether age verification should be implemented at the website level or at the operating system level…or not at all.

In the United Kingdom, Apple is opting for OS level age verification, according to the BBC.

“Apple is rolling out age checks for iPhone and iPad users in the UK that will ask them to verify if they are adults to access “certain services” such as 18-plus apps.

“After customers accept the latest iOS 26.4 software update, they will be asked to verify their age, which they can do by providing a credit card or scanning their ID, according to an Apple support page.

“Those who do not confirm how old they are or are underage will have web content filters turned on automatically.”

Specifically, according to Apple:

“When creating a new Apple Account or using Apple services, you may see a prompt asking you to confirm that you’re an adult. This is required by law in some countries and regions.”

Regarding that last sentence, is OS level age verification REQUIRED? Silkie Carlo of Big Brother Watch says no:

“Carlo told the BBC she believed Apple had “crossed the Rubicon” with its new software update which she described as “more like ransomware”, and which she said essentially left millions of Brits owning a “child’s device”, unless they complied with the age checks.

“And she said while she believed children’s online safety was vital, it required more thoughtful tech responsibility and not “sweeping, draconian shock demands by foreign companies for all of our IDs and credit cards”.”

Note the appeal to resist the “American” company, which raises questions about whether Apple’s collection of this information potentially violates United Kingdom privacy laws if the data is sent to Cupertino.

For the record, Ofcom currently only requires age verification for pornographic sites, not for everything.

So why did Apple do it if UK law doesn’t require it?

Two reasons:

  • Future proofing. While the UK and other jurisdictions do not require age verification at the OS level now, they may require it at some point. If so, Apple has already implemented it in the UK (for iPhones and iPads) and can implement it elsewhere.
  • CYA. A jury in California awarded damages after finding that Meta and Google were responsible for a woman’s anxiety and depression, suffered because of her social media use as a child. Apple doesn’t want to face a similar lawsuit.

Incidentally, it’s interesting to note that these and other stories pair “Meta” and “Google.” Does no one refer to “Alphabet” (Google’s parent company) any more?

When Companies Can’t Target Prospects Under Age 16

If you’re on a platform such as Facebook, you sometimes receive advertisements that are VERY specific. Such as, “This is the perfect drink holder for California white males over the age of 50!” It’s almost as if they know everything about you…because they do.

Unless you implement privacy restrictions and don’t allow platform advertisers to reference your personal information.

Of course, if the advertiser isn’t able to narrowcast directly to you, the advertiser will broadcast to everybody.

And Facebook will start showing you advertisements in Chinese.

Qiaobi.

And if you complain to Facebook and ask why you’re seeing Chinese ads, Facebook will simply reply, “We are prohibited from using your personal information. Since there are a billion Chinese, we take a guess that you’re Chinese and show you those ads.”

Which brings us to age and social media.

The Under 16s Are Blocklisted

Back when Marky Mark created The Facebook, he initially targeted college-age users. But as time went on, Facebook and its competitors started aiming for younger ages.

This makes sense. Advertisers want to target consumers who are suspectible to changing their minds and are not set in their ways. So while a super kewl soft drink manufacturer isn’t going to target me, it is going to target 18 year olds…and 16 year olds…and 14 year olds…and 12 year olds.

A recent DKC report stated that 42% of all household spending is influenced by 8- to 14-year-olds, and that this age group is DIRECTLY spending over $100 billion per year.

So you can bet that advertisers are clamoring to purchase ad time on Facebook, TikTok, and the other social media services to get a pipeline to the brains of these 8 to 14 year olds…whoops, 12 to 14 year olds, since most social media services require you to be at least 12 years old to have an account.

But what if access to that entire age group is cut off entirely?

We’re seeing all over the world that jurisdictions are enacting or trying to enact bans on the use of social media for people under 16 years of age. The latest country to propose such a move is Indonesia:

“Authorities in the country, which is Southeast Asia’s largest economy, said Friday they expect social media platforms to deactivate the accounts of under-16s from March 28, starting with YouTube, TikTok, Facebook, Instagram, Threads, X, Bigo Live and Roblox.”

In other words, all the popular sites that teens love.

And in certain jurisdictions, the companies will implement age verification and age estimation technology to ensure that kids don’t like about their ages to get in.

Assuming these prohibitions stand, this causes a huge problem for B2C marketers that target teens: how do you market to them when the direct pipelines to this age group are cut off?

I’m just thankful that Bredemarket and its clients sell to adults. You don’t really see 13 year olds buying biometric technology.

Unintended Consequences of Age Assurance…and What Happens Next (VPNs vs. Zero Trust)

More and more jurisdictions are mandating age assurance (either age verification or age estimation) to access online services. Perhaps racy content, perhaps gambling content, or in some cases even plain old social media. But in a technical sense these age assurance mechanisms are a network problem…and you can just route yourself around a problem.

Your jurisdiction doesn’t allow you to visit the Sensuous Wildebeests website? Just install a virtual private network (VPN) to pretend that you’re in a different jurisdiction that allows access.

Problem solved…for now.

But Secrets of Privacy indicates what’s next:

“After the Online Safety Act triggered a 6,000+% surge in VPN usage, the House of Lords tabled an amendment to ban children from using VPNs. Under the proposal, VPN providers would have to verify the age of all UK users. The government has said it will “look very closely” at VPN usage.”

For more information on this proposal, see TechRadar.

Google Gemini.

And this is just one of many examples of government examination, and perhaps regulation, of VPN use.

But as Secrets of Privacy points out, there’s one big problem. VPN users aren’t only kids trying to dodge the law, or individuals trying to protect their privacy. There’s one very big class of VPN users who would NOT appreciate government regulation.

“VPNs are fundamental to modern business IT, which makes a “ban” hard to envision. Every corporation with remote workers uses them. Diverse industries, such as banking, law, finance, and ecom giants all depend on VPN technology. You can’t ban VPNs without breaking the backbone of modern IT systems.”

Google Gemini.

Of course, some argue that VPNs are an outmoded security mechanism. Here’s what Fortinet says:

“VPNs were developed when networks were different than they are now. Before the advent of cloud applications, resources were isolated within a secure corporate network perimeter. Now, modern networking infrastructures are being deployed that can quickly adapt and scale to new business requirements, which means applications and data are no longer contained within the corporate data center. Instead they reside across distributed multi-cloud and hybrid data center networks.

“This change has led to a rapid expansion of the attack surface, and in the face of this changing cybersecurity environment, Zero Trust Network Access (ZTNA) has received more attention as an alternative to VPNs for remote access.”

Of course, VPNs will fade away at the same time the password dies…in other words, not any time soon. And while Secrets of Privacy speculates about a two-tier solution in which corporations can use VPNs but individuals cannot…we’ll see.

Do you have trust, or zero trust, that VPNs will be regulated in ALL jurisdictions in the future?

Ask questions.

Surfin’ Identity

Imagine if Capitol Records employed age verification in 1963.

Some musicians reach superstardom in their early 20s, feeling tremendous pressure at a young age. 

But sometimes they’re younger: when “Surfin’ U.S.A.” hit number 3 on Billboard and Cash Box, surf guitarists Carl Wilson and (soon to depart) David Marks were 16 and 14, respectively.

Of course, Capitol Records would face a bigger problem—Know Your Composer. Brian Wilson did not write the song alone.

Kalshi, Polymarket, DraftKings, FanDuel, and Gambling Legality

(Bredebot helped write small parts of this post.)

Is it only smartphone game app users who are inundated with an unrelenting barrage of Kalshi ads?

If nothing else, the barrage inspired me to research Designated Contract Markets (DCMs). A DCM is a status granted and regulated by the Commodity Futures Trading Commission (CFTC), a federal agency. As such, Kalshi argues that it is exempt from state gaming regulations because it’s not hosting gambling. It’s hosting futures trading.

Gemini.

But Kalshi and similar apps such as Polymarket are opposed by DraftKings, FanDuel, and other sports betting apps. They make no pretense of “trading futures,” but comply with state-level gambling regulations, and use geolocation to prohibit mobile sports betting in states such as California where it is illegal.

And both are opposed by Native American casinos governed by the Indian Gaming Regulatory Act (IGRA) of 1988, which allows sovereign tribal nations to host traditional Indian games.

And they are opposed by other card houses, racetracks, bingo games, and state sponsored lotteries.

And all are opposed by the traditional Las Vegas casinos…except when they themselves host mobile apps and strike licensing deals with Native American casinos.

But the mobile app variants not only deal with geolocation, but also digital identity verification and age verification. 

And employment verification or non-verification to ensure that football players aren’t betting on football games.

Gemini.

Plus authentication to open the app and ensure Little Jimmy doesn’t open it.

Gemini.

There are all sorts of gaming identity stories…and Bredemarket can help identity/biometric marketers tell them.

Stop losing prospects! Use Bredemarket content for tech marketers

More On The Positive Economic Impact of Age-Controlled Products and Services

The U.S. Census Bureau has provided follow-up information that supplements its earlier report on Native American casinos, which I previously discussed. It turns out that the immigrant populations (you know, people of English and other descents) are cashing in also.

“The national total of state sales tax revenue from sports betting soared 382%, from $190 million in the third quarter of 2021 (when data collection began) to $917 million in the second quarter of 2025, according to the U.S. Census Bureau’s Quarterly Summary of State and Local Tax Revenue (QTAX).

“Sports betting became possible in May 2018 when the U.S. Supreme Court struck down the Professional and Amateur Sports Protection Act. Since then, a majority of states have legalized some form of sports betting; including online, mobile, retail sports betting and pari-mutuels (such as wagers made on horse-racing).

“Sports betting is a growing industry, and the tax revenue it generates helps fund public schools, roads, highways, law enforcement and gambling addiction treatment.”

Read the entire piece here.

Federal Trade Commission Age Verification (and estimation?) Workshop January 28

A dizzying array of federal government agencies is interested in biometric verification and biometric classification, for example by age (either age verification or age estimation). As Biometric Update announced, we can add the Federal Trade Commission (FTC) to the list with an upcoming age verification workshop.

Rejecting age estimation in 2024

The FTC has a history with this, having rejected a proposed age estimation scheme in 2024.

“Re: Request from Entertainment Software Rating Board, Yoti Ltd., Yoti (USA) Inc., and Kids Web Services Ltd. for Commission Approval of Children’s Online Privacy Protection Rule Parental Consent Method (FTC Matter No. P235402)

“This letter is to inform you that the Federal Trade Commission has reviewed your group’s (“the ESRB group”) application for approval of a proposed verifiable parental consent (“VPC”) method under the Children’s Online Privacy Protection Rule (“COPPA” or “the Rule”). At this time, the Commission declines to approve the method, without prejudice to your refiling the application in the future….

“The ESRB group submitted a proposed VPC method for approval on June 2, 2023. The method involves the use of “Privacy-Protective Facial Age Estimation” technology, which analyzes the geometry of a user’s face to confirm that the user is an adult….The Commission received 354 comments regarding the application. Commenters opposed to the application raised concerns about privacy protections, accuracy, and deepfakes. Those in support of the application wrote that the VPC method is similar to those approved previously and that it had sufficient privacy guardrails….

“The Commission is aware that Yoti submitted a facial age estimation model to the National Institute of Standards and Technology (“NIST”) in September 2023, and Yoti has stated that it anticipates that a report reflecting NIST’s evaluation of the model is forthcoming. The Commission expects that this report will materially assist the Commission, and the public, in better understanding age verification technologies and the ESRB group’s application.”

You can see the current NIST age estimation results on NIST’s “Face Analysis Technology Evaluation (FATE) Age Estimation & Verification” page, not only for Yoti, but for many other vendors including my former employers IDEMIA and Incode.

But the FTC rejection was in 2024. Things may be different now.

Grok.

Revisiting age verification and age estimation in 2026?

The FTC has scheduled an in-person and online age verification workshop on January 28.

  • The in-person event will be at the Constitution Center at 400 7th St SW in Washington DC.
  • Details regarding online attendance will be published on this page in the coming weeks.

“The Age Verification Workshop will bring together a diverse group of stakeholders, including researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss topics including:  why age verification matters, age verification and estimation tools, navigating the regulatory contours of age verification, how to deploy age verification more widely, and interplay between age verification technologies and the Children’s Online Privacy Protection Act (COPPA Rule).”

Will the participants reconsider age estimation in light of recent test results?