Age verification is about age – not identity

Connecticut has the chance to lead with smart, privacy-respecting legislation.

by Iain Corby May 22, 2025 @ 12:01 amJune 17, 2025 @ 8:22 am

In his opinion piece, Adam Kovacevich, of the paradoxically named Chamber of Progress, misrepresents the nature of modern online age checks.

Contrary to his claim, effective age verification (‘AV’) does not require either identifying users or building databases of sensitive personal data. In fact, industry-standard systems ensure there is nothing to hack – because no personal data is retained at all.

Today’s age assurance solutions, recognized as “highly effective” by the UK’s globally-respected regulator, Ofcom, already in use across many European Union member states and about to be required in Australia to keep young children off social media completely, use techniques that determine on only your age, never your identity.

Privacy-preserving technologies like zero-knowledge proofs (ZKPs), outlined in standards such as ISO/IEC 27566 and IEEE 2089.1, allow independent, regulated third-party age-verification providers to confirm a user is over or under a threshold age without the websites or platforms they are accessing ever knowing who they are.

The data breaches Kovacevich references were not from age verification providers – who are audited and certified to avoid retaining personal data – but from identity verification services, which necessarily store information that could be compromised. That distinction matters.

Modern age verification does not rely only on government-issued ID. It can be achieved through tokenized signals, anonymized hand movement and facial estimation (where images are immediately deleted, and often never leave the palm of your hand as the estimate is processed on your own smartphone), or verified credentials stored securely in users’ own devices. These approaches work across all communities, including those who lack traditional ID or are rightly concerned about discrimination or surveillance.

Equally misguided is the idea that platforms will downgrade services for everyone. Just as websites currently tailor content based on device, location or cookies, they can provide age-appropriate access without creating a “Disneyfied” internet. The latest interoperable technology means you can do one age check and then use it across multiple sites – truly making the Internet age-aware. Note that is age, not identity. The essence of the age verification industry is proving your age without disclosing who you are.

Laws do need to be carefully drafted – targeting only harmful content and functionality, not entire apps that for many young people are the principal way they access the many benefits of the Internet. But dismissing age assurance entirely ignores the global shift towards privacy-first, standards-based solutions that protect children without compromising adult freedoms.

Connecticut has the chance to lead with smart, privacy-respecting legislation. That means rejecting myths and recognizing that age verification is not about identity – it’s about child safety, anonymity, and trust.

Iain Corby is the Executive Director of the Age Verification Providers Association.

Understand Connecticut news — and why it matters.

Learn more about Connecticut — every morning.

Learn more about
Connecticut — every morning.