The problem is how the verification happens. You aren’t verifying your age with the government. You’re routing it through an independent third party, and most of the laws on the books are designed specifically in this way. In the UK, for example, Reddit verifies with Persona, and Bluesky uses Kids Web Services (owned by Epic Games).
Persona’s privacy policy states that it collects not only biometric information and personal details, like your ID, but also ties that to information gathered from third-party sources. It also retains that information and is free to share it with others.
“Age verification laws threaten individual privacy by requiring individuals to submit highly sensitive personal data, such as government-issued IDs or biometric scans, to access material online,” Rindala Alajaji, a legislative activist at EFF, tells WIRED. “This opens the door for potential breaches and misuse.”
It’s data brokerage at the behest of the legislature, and organizations like the American Civil Liberties Union (ACLU) say the laws limit free speech protections. Service providers also argue that the laws don’t protect minors. Pornhub, for example, says it saw an 80 percent drop in traffic from Louisiana in 2023 when the state passed an age verification law. It argues that these regulations only serve to push users to platforms that don’t comply with regulations.
“These laws don’t actually 'protect minors' or stop people from accessing adult content; they push users to unregulated, unsafe corners of the internet where privacy and safety protections are minimal, making the internet more dangerous for everyone,” Alajaji says.
Some services, such as Pornhub, have blocked access in these states in a seeming act of protest. Others, such as Mastodon, say they’re forced to shut down as it can’t provide verification information it doesn’t have. The result is the same: a fragmented internet where the services you can access are based on your physical location, and the only solution is to sacrifice your privacy.
What VPNs Can (and Can’t) Do
At a basic level, VPNs work by sending your traffic to a server within the provider’s network before going out to the open internet. By routing your traffic this way, it’ll appear as if you’re connecting from the server’s location. Unlike a proxy server, which does the same location spoofing, your connection is negotiated and encrypted with a VPN protocol. Combined with proper privacy measures on the VPN side, that should mean you and your online browsing are completely anonymous.
Courtesy of Windscribe
No system is perfect, though, and VPNs aren’t an exception. When you connect to a VPN, your traffic looks as if it’s coming from the VPN server, which itself poses a hurdle. If enough questionable traffic comes from a particular server, it’ll be blocked. Streaming platforms like Netflix might notice that an odd amount of traffic comes from one particular server in a certain location, and it may block that server from connecting. You can easily find massive lists of known VPN servers online. Some VPNs, like Proton VPN, are good at keeping up with this game of whack-a-mole. Others, like Private Internet Access, aren’t.
VPNs can hide where your internet activity is coming from, but it doesn’t totally hide who is engaging in that activity. VPNs are only concerned with your internet connection. They don’t touch other potentially personally identifiable information. Cookies, ad IDs, GPS, and other browser-based information can create a so-called “browser fingerprint.” This fingerprint isn’t as identifiable as your IP address, but a motivated traffic sniffer could build a fairly robust profile even while you’re connected to a VPN.