Opponents of age verification have long reached for a familiar argument: that checking someone’s age before they access online content is really an identity check in disguise. The claim is that platforms will inevitably end up knowing who you are, that anonymity will be destroyed and that age assurance is just surveillance by another name.
Whether deliberate or not, the effect is the same. It makes age verification politically toxic by associating it with something most people are genuinely far more uncomfortable with: mandatory identity disclosure as a condition of accessing parts of the internet where there is insufficient justification for it.
The problem is not only that the argument is wrong, but also that it has unintended consequences that those making it do not appear to have fully considered.
Age verification does not require identity disclosure. A biometric age estimate, a bank-derived age signal or a selectively disclosed age attribute from a digital wallet can all confirm that a user meets an age threshold without telling the platform who that user is. The technology has been specifically designed to separate age from identity. Much of the innovation in age assurance over the last decade has been driven precisely by the desire to avoid identity disclosure. Third-party providers, double-blind architectures, reusable credentials, selective disclosure technologies, digital wallets, on-device processing and age estimation were developed to answer privacy concerns, not to circumvent them. Even where an authoritative identity document is used upstream to establish age, modern credential and wallet systems need disclose only a data-minimised age attribute such as “over 18”, rather than a user’s name, document details or other identifying information. The relying service receives confirmation that an age threshold has been met, not the underlying identity. So, the conflation is increasingly unpersuasive to policymakers who are briefed on the capability of these evolving technologies, as the rapid global spread of legislation demonstrates.
But here is where the strategic miscalculation of critics becomes significant. Age assurance is coming. The legislative and regulatory direction across the US, Europe and beyond is unambiguous. The question is no longer whether age checks will be required at the door of social media platforms, AI services and adult content sites. It is what form those checks will take.
If the dominant public narrative, repeated loudly and often by critics, is that age verification and identity disclosure are the same thing, then when age verification becomes ubiquitous, the much of the public will believe that identity disclosure is already in force. That will handicap those making the case for preventing it.
Legislators who might otherwise be persuaded to require privacy-preserving age verification will instead face constituents who assume identity linkage is already baked in. Platforms with an interest in knowing exactly who their users are will find it considerably easier to argue for retention of identity data. And the campaigners who spent years insisting that age checks meant identity checks will have made that argument for them.
Age verification without identity disclosure is not just technically possible. It is the policy outcome that privacy advocates, civil liberties organisations and child safety campaigners should all be able to support. Protecting that outcome requires preserving the distinction between the two, not erasing it.
Those who conflate age verification with identity checks in order to oppose the former may yet succeed in delivering the latter.