Age Verification Laws are Good
Governments worldwide are rolling out online age verification systems. The stated reason is always the same: protect children from harmful content. But a growing number of voices are sounding alarm bells, and they deserve to be heard.
The Alarm
The concern is straightforward. An age verification system is, by technical necessity, an identity attribution system. To verify that you are an adult, someone has to check who you are. Once that link exists (your real identity tied to your online presence), the question is no longer whether the system can be used to track what you say and do online. It can. The question is whether it will.
And here is why that matters beyond individual privacy: a government with reliable access to the link between real identities and online activity has a tool that fundamentally changes the balance of power between citizens and the state. Whistleblowers become identifiable. Political dissidents become trackable. Journalists protecting sources face a new and automated threat. Critics of government policy can be catalogued.
A government that is already authoritarian-leaning, or that becomes so in the future, is very difficult to resist once this infrastructure is in place. The history of the 20th century is a history of governments that were trusted by their citizens, and then stopped being trustworthy. The assumption that “our government would never abuse this” is not a guarantee. It is a bet. And the downside of losing that bet, with this particular infrastructure in place, is severe.
These concerns are being raised widely.[1][2][3]
But Age Verification Is a Good Idea
Many of the voices raising these alarms make a mistake: they completely discard the possibility that this is being rolled out in good faith, as a genuine response to a genuine problem. That dismissal weakens their case, because the problem is real.
There is a genuine and documented danger being reacted to here, largely ignored by opponents of these laws. The scale of child sexual abuse material online, the role of algorithmic amplification in pushing harmful content to minors, and the explicit warnings from law enforcement that existing investigative tools are failing against encrypted platforms are all well-documented.[4][5][6][7][8] That danger is not the topic of this post. I want to focus on the technical side: given that some form of age verification is coming, does the technology being deployed actually contain the surveillance risk, or not?
So that is the core question. Is this a sensible reaction to a growing danger, with the risks of abuse properly mitigated? Or is “protect the children” an empty front, and a grab for communicative control the true intent?
Let’s look at the actual technology.
What Is Being Implemented
US and UK: Just Trust Us
The United States has no coherent federal system. What exists is a patchwork of 25+ state laws, most of which require you to photograph your government-issued ID and upload it to a private third-party company you have never heard of. They extract your name, date of birth, address, and document number, take a facial scan for liveness, and claim to delete it afterward. You cannot verify that claim.
The breach record is already ugly. In October 2025, Discord’s age verification vendor was breached, exposing approximately 70,000 government ID photos.[9] The same month, researchers discovered an unprotected database linked to IDMerit, a major identity verification provider, containing over one billion personal records across 26 countries; the US alone accounted for over 203 million exposed records.[10] These are not edge cases; they are structural. Every law mandating ID upload creates another honeypot of the most sensitive documents imaginable. And unlike a password, you cannot rotate a government ID after it leaks.
Mass-scale deanonymization under this system requires almost nothing: subpoena the verification vendor, cross-reference with platform account logs, done. The vendor has your real identity. The platform has your posting history. The join is a single database query. There is no cryptographic protection whatsoever. The system relies entirely on legal constraints and the good behavior of private companies. Both of those can change.
The UK is no better. The Online Safety Act mandates age verification with no meaningful privacy architecture; facial scans, passport uploads, and credit card checks are the accepted methods.[11] Ofcom is already fining platforms for non-compliance, having opened investigations into more than 90 platforms and issued six fines by February 2026, including an £800,000 fine against Kick Online Entertainment and a £1.35 million fine against an adult website operator.[12] The government is also actively considering restricting VPN use to prevent people from circumventing these checks.[13]
In both systems, mass-scale automated deanonymization is not a hypothetical future risk. It is a database join away.
The EU’s ZKP System: Actually Good
The EU has been working on something architecturally different, and it deserves genuine credit. The planned system is based on Zero-Knowledge Proofs, and it is actually just an age prover. Here is how it works.
When you enroll, a government-linked issuer (a national registry, a bank, your mobile operator) checks your real ID once. It issues you a batch of 30 single-use cryptographic tokens. Each token encodes exactly one fact: you are over 18. No name, no date of birth, no document number.
When a website asks you to verify your age, your device generates a Zero-Knowledge Proof: a piece of mathematics that proves you hold a valid token without revealing the token itself, or anything about you. The website receives a yes/no answer. Nothing linkable. The issuer is never contacted at verification time; everything happens on-device. Each proof is computationally unlinkable from every other proof you will ever generate.[14]
A court order served to the website gets a proof blob that reveals nothing. A court order served to the issuer gets confirmation that you are enrolled. If enrollment is universal (every adult in the system), that reveals nothing at all. It is equivalent to “this person is an adult,” which is already public knowledge.
This is what “prove your age and nothing else” actually looks like when you mean it. The privacy guarantee is mathematical, not legal. A future bad-faith actor cannot abuse it, because the cryptography does not permit it.
Except
The ZKP system is not the only system the EU is working on. And this is where things get complicated.
The ZKP constructions required for a system like this are powerful but young. This is not a theoretical concern. Ethereum has operational ZKP-based L2 rollups (zkSync, Polygon zkEVM) running in production since 2023, so the technology clearly works in constrained contexts. But Ethereum’s own engineers have not yet trusted it sufficiently to use it for L1 block validation; as of 2026 that work is still at the proposal stage, with Vitalik Buterin predicting ZKP-based L1 validation will become the primary method between 2027 and 2030.[15] Getting ZKP right at scale, in a high-stakes context, takes time. The L2 rollups took years of careful engineering to reach production quality. That context matters here.
The EU’s specific ZKP implementation is based on a construction called ECDSA Anonymous Credentials, described in a 2024 paper by Frigo and shelat.[16] The official specification labels it “experimental,” describes the implementation as not yet peer-reviewed, and notes that a recognized standard is “not expected in the near term”.[17]
So the EU also has a backup: the batch mdoc system. This is what is actually deployed in the 2026 pilot.
The backup works like this. The issuer gives you 30 single-use credentials in ISO mdoc format, the same standard used for mobile driving licenses. Each credential contains only age_over_18 = true. Each is discarded after one use. Timestamps are coarsened so all 30 look identical. When you verify your age, you present one credential directly to the website.
The problem: each credential contains a unique cryptographic signature. The issuer, if it retained the metadata of the credentials it issued (which the specification does not explicitly prohibit), can map your real identity to that batch, and to each of the 30 signatures within it. Any website that logs which credential verified which account can, via a court order served to the issuer, have that credential traced back to you.
Mass-scale automated deanonymization is difficult under this system. But per-case, court-ordered deanonymization is entirely possible. You might say: a court order is fine. If the government needs a court order to identify someone, that is a reasonable legal safeguard. And it is, as long as the legal situation remains what it is today. The issue is that the court order requirement is a legal detail, not a technical restriction. The law can change. And once the infrastructure is in place, changing the law to permit broader access is a much lower barrier than building the infrastructure from scratch.
The current EU plan is to roll out this backup system now, then upgrade to ZKP once the cryptography matures.[17]
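As an added illustration (not code from the EU blueprint, from the Frigo and shelat paper, or from any verification vendor), here is a small Python model of the two linkability situations described above: the ID-upload model of the US and UK section, where the vendor holds the identity and the platform holds a pointer to it, and the batch mdoc backup, where every credential carries the same claim and coarsened date but a unique signature. The signatures are HMAC under a single issuer key as a stand-in for ECDSA over an mdoc (so verification here needs the issuer key, which a real verifier would not), the identities, account names and logs are constructed, and the `retain_log` switch is the assumption the text flags: whether the issuer keeps the signature-to-identity map it is not forbidden to keep.

```python
"""Linkability model for the age-verification designs discussed in the post.

Added illustration only. HMAC under an issuer key stands in for ECDSA over an
ISO mdoc; the one property modelled is that every credential carries a unique
signature while its claims are identical across the batch.
"""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from typing import Optional

ISSUER_KEY = secrets.token_bytes(32)  # stand-in for the issuer's signing key
BATCH_SIZE = 30                       # batch size named in the EU blueprint


def coarsen(ts: datetime) -> str:
    """Round an issuance timestamp down to the day so all 30 credentials match."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%d")


def sign(payload: str) -> str:
    """Issuer signature stand-in (HMAC-SHA256 instead of ECDSA)."""
    return hmac.new(ISSUER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_batch(identity: str, retain_log: bool, issuer_log: dict,
                issued_at: Optional[datetime] = None) -> list:
    """Issuer: after a one-time ID check (assumed done), hand out a batch.

    Each credential holds only age_over_18=true and a coarsened date, plus a
    random salt (constructed stand-in for the per-credential randomness that
    makes every signature distinct). With retain_log=True the issuer keeps a
    signature -> identity map, which the specification does not prohibit.
    """
    issued_at = issued_at or datetime.now(timezone.utc)
    batch = []
    for _ in range(BATCH_SIZE):
        salt = secrets.token_hex(16)
        payload = f"age_over_18=true;issued={coarsen(issued_at)};salt={salt}"
        cred = {"payload": payload, "sig": sign(payload)}
        batch.append(cred)
        if retain_log:
            issuer_log[cred["sig"]] = identity
    return batch


def claims(cred: dict) -> str:
    """The claim part of a credential (no salt): identical for all 30 in a batch."""
    return cred["payload"].rsplit(";salt=", 1)[0]


def verify(cred: dict) -> bool:
    """Website: check the issuer signature and that the single claim is present."""
    return (hmac.compare_digest(sign(cred["payload"]), cred["sig"])
            and cred["payload"].startswith("age_over_18=true;"))


def present(account: str, cred: dict, site_log: dict) -> bool:
    """Website accepts one credential and, as many sites would, logs which one verified the account."""
    if not verify(cred):
        return False
    site_log[account] = cred["sig"]
    return True


def trace(account: str, site_log: dict, issuer_log: dict) -> Optional[str]:
    """Per-case court order: site log yields the signature, issuer log (if kept) yields the identity."""
    sig = site_log.get(account)
    return issuer_log.get(sig) if sig is not None else None


def id_upload_trace(account: str, platform_log: dict, vendor_db: dict) -> Optional[str]:
    """ID-upload model: platform stores a vendor session id, vendor stores the identity.
    One dictionary lookup here, one database join in practice; no cryptography in the way."""
    session = platform_log.get(account)
    return vendor_db.get(session) if session is not None else None


def demo(retain_log: bool) -> Optional[str]:
    """Enrol one constructed person, present one credential, then attempt a court-ordered trace."""
    issuer_log: dict = {}
    site_log: dict = {}
    wallet = issue_batch("alice (constructed identity)", retain_log, issuer_log)
    assert len({c["sig"] for c in wallet}) == BATCH_SIZE  # every signature is unique
    assert len({claims(c) for c in wallet}) == 1          # every claim set is identical
    cred = wallet.pop()                                   # single use: leaves the wallet
    assert present("acct-42", cred, site_log)
    return trace("acct-42", site_log, issuer_log)


if __name__ == "__main__":
    print("issuer retains log :", demo(retain_log=True))
    print("issuer discards log:", demo(retain_log=False))
```

Running it shows the asymmetry the text describes: with an issuer that retains its issuance log, a website log plus one court order maps the account back to the enrolled person; with the log discarded, the same credential proves only that some enrolled adult presented it. The ZKP design is not modelled here because its defining property is that there is no per-presentation signature for a site to log in the first place.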
The Good Faith Argument and the Switcheroo
One could argue that the EU’s ZKP architecture is itself evidence of genuine good intent. The chosen ZKP scheme is specifically engineered to require zero changes on the issuer side.[16] A government that wanted to secretly retain a surveillance capability would not design it that way; they would make the issuer an online participant at verification time, creating a natural logging point. The EU did not do that.
But consider the counter-argument. Showing the public that you care, proving it cryptographically, then deploying a weaker system as a “temporary gap-filler” is the cleanest possible way to roll out a surveillance system without resistance. Design the right system. Announce it. Show the math. Generate favorable coverage. Then deploy the backup, treat the good system as a future upgrade, and let inertia do the rest.
Nothing is more permanent than a temporary solution. Once the backup system is deployed widely (once every major platform has integrated it, once hundreds of millions of Europeans have enrolled), upgrading to ZKP requires political will to reduce the government’s own retroactive traceability capability. Governments do not historically volunteer to do that.
So this is what it comes down to: either the EU’s pursuit of the highest possible privacy standards is genuine, the ZKP work is stalling for real technical reasons, and the backup system is a genuine temporary gap-filler while the better technology matures; or this is a coordinated effort by governments to end anonymous speech online, with the ZKP work funded purely as a credibility shield and never intended for actual deployment.
Which Is It?
The conspiracy reading requires believing that the EU, US, UK, and Australian governments are all coordinating toward the same end goal, and that the EU’s ZKP work is an elaborate front. That is possible. But the mundane explanation is also entirely coherent: the required ZKP constructions are genuinely not ready for this use case. Age verification pressure is real and building. A technically imperfect interim system gets deployed while the better one catches up.
On balance, the bad-faith arguments fall apart once you look closely at the EU’s technical choices. And the unmitigated-risk arguments are weak against the EU plan specifically. The interim system is not perfect, but if we accept that the danger being averted is genuine, it is the best available option within the required timeframe.
Where We Should Land
What I would wish for is straightforward. The EU rolls out the ZKP system and only the ZKP system. It is the only provably safe option; the one against which neither the bad-faith argument nor the unmitigated-risk argument can stand. But we have to be realistic. The underlying ZKP constructions are not ready. Ethereum has operational ZKP L2s, yes, but has been working toward trusting the same technology for L1 validation for years and is still not there. Getting it right takes time, and the cost of getting it wrong is high. Age verification is coming now, not when the cryptography matures. Given those constraints, the EU’s planned backup system is the best available option, and it is good enough, provided it remains genuinely temporary.
ZKP must not be dropped. It should be the system the EU transitions to when ready, with a clear legal mandate ensuring that transition actually happens. The backup is a bridge, not a destination. When that transition happens, moving off ECDSA would also be worth considering: P-256’s curve constants have uncertain provenance, and the NSA’s confirmed history of backdooring NIST-blessed primitives makes that concern non-trivial, if perhaps overcautious.[18] Ed25519 is the cleaner choice: not a drop-in replacement, but an equivalent construction is achievable.
In the EU’s case, the technical choices made are sufficient evidence that this is a genuine, good-faith response to a real and growing problem. The privacy risks are not ignored but engineered away. Other systems, including those of the US, UK, and Australia, do not meet that bar. These implementation details matter more than they might appear: a system built without privacy guarantees is also, incidentally, a system that could be turned toward surveillance and the restriction of free speech. Whether that is the intent is beside the point; incompetence is far more likely than malice, but the capability, once built, exists regardless. Just copy the EU system. It is open source. The upgrade path to true ZKP is documented.
Go EU.
[1] “Age verification is just a precursor to attribution of speech,” nonogra.ph (2026-06-29). HN discussion. https://nonogra.ph/age-verification-is-just-a-precursor-to-attribution-of-speech-06-29-2026
[2] “The Age Verification Trap: Verifying age undermines everyone’s data protection,” IEEE Spectrum. HN discussion. https://spectrum.ieee.org/age-verification
[3] “I’m reluctant to verify my identity or age for any online services,” neilzone.co.uk (2026). HN discussion. https://neilzone.co.uk/2026/03/im-struggling-to-think-of-any-online-services-for-which-id-be-willing-to-verify-my-identity-or-age/
[4] NCMEC CyberTipline 2024 Data: 20.5 million reports, 63 million files, 67,000 AI-flagged reports in 2024. https://www.missingkids.org/gethelpnow/cybertipline/cybertiplinedata
[5] NBC News / NCMEC on Meta encryption and the collapse of CSAM detection: CyberTipline reports fell from 36.2 million (2023) to 20.5 million (2024), largely attributed to Meta’s rollout of end-to-end encryption. https://www.nbcnews.com/tech/security/child-exploitation-watchdog-says-meta-encryption-led-sharp-decrease-ti-rcna205548
[6] Europol, “A legal vacuum on CSAM detection puts children at greater risk,” statement by Executive Director Catherine De Bolle. Europol processed around 1.1 million CyberTips in one year alone. https://www.europol.europa.eu/media-press/newsroom/news/combatting-child-sexual-exploitation-statement-catherine-de-bolle
[7] Amnesty International, “Driven into the Darkness: How TikTok Encourages Self-harm and Suicidal Ideation” (November 2023). Within 5-6 hours, nearly 1 in 2 videos served to simulated teen accounts were potentially harmful mental-health content. https://www.amnesty.org/en/latest/news/2023/11/tiktok-risks-pushing-children-towards-harmful-content/
[8] U.S. Surgeon General, “Social Media and Youth Mental Health” Advisory (May 2023). Up to 95% of youth ages 13-17 use social media; the Advisory states there is not yet enough evidence to determine if social media is sufficiently safe for adolescents. https://www.hhs.gov/surgeongeneral/reports-and-publications/youth-mental-health/social-media/index.html
[9] Discord, “Update on a Security Incident Involving Third-Party Customer Service,” October 9, 2025. Approximately 70,000 government ID photos exposed via third-party vendor breach. https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service
[10] Cybernews, “IDMerit data breach: 1 billion records of personal data exposed in KYC data leak,” February 2026. Over 1 billion records across 26 countries; 203 million US records in an unprotected database. https://cybernews.com/security/global-data-leak-exposes-billion-records/
[11] UK Online Safety Act 2023; Ofcom, Protection of Children Codes of Practice, 24 April 2025. https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer
[12] Ofcom enforcement record: investigations into 90+ platforms; six fines issued by February 2026, including £800,000 against Kick Online Entertainment and £1.35 million against 8579 LLC. https://www.ofcom.org.uk/online-safety/protecting-children/Ofcom-fines-porn-company-800k-for-failing-to-introduce-age-checks
[13] BleepingComputer, “UK to require ID or face scan before you can make social media accounts,” June 2026. https://www.bleepingcomputer.com/news/security/uk-to-require-id-or-face-scan-before-you-can-make-social-media-accounts/
[14] EU Age Verification Blueprint, privacy by design and ZKP overview. https://ageverification.dev/
[15] Cryptopolitan, “Vitalik Buterin sees zk-EVMs as future main validation method by 2027-2030,” January 2026. (Buterin’s prediction, not an accomplished fact.) https://www.cryptopolitan.com/vitalik-zk-evms-main-validation-method-2027/
[16] Matteo Frigo and abhi shelat, “Anonymous credentials from ECDSA,” Cryptology ePrint Archive, Paper 2024/2010. https://eprint.iacr.org/2024/2010
[17] EU Age Verification Blueprint, overall architecture and technical specifications. https://ageverification.dev/av-doc-technical-specification/docs/architecture-and-technical-specifications/
[18] Daniel J. Bernstein and Tanja Lange, “SafeCurves: choosing safe curves for elliptic-curve cryptography.” Documents the criteria P-256 fails and why curves like Ed25519 are preferable. https://safecurves.cr.yp.to