Are we ready to sacrifice personal freedom for illusory security in the digital world?
Dangerous Transformation
The concept of universal age verification is rapidly transforming from a protective measure into a tool for total surveillance. This alarming development was stated by Proton's head, Andy Yen. He believes that the current push for mandatory verification online is already laying the groundwork for large-scale collection of personal data, destroying anonymity.
Attempts to implement age verification are actively underway in dozens of countries and in nearly half of U.S. states. Lawmakers aim to shield children from harmful content; however, in practice, users are forced to present documents or undergo biometric identification even for ordinary page views. Human rights advocates have long sounded the alarm, claiming that this approach fundamentally alters the very structure of the internet.
Data Leaks: An Inevitable Reality
The main complaint from Proton's head, Andy Yen, concerns not the noble goal but the architecture of the system itself. Age verification almost always implies the collection and storage of confidential data by third-party services. Experience from recent years convincingly demonstrates that such databases inevitably become victims of leaks.
For instance, in October 2025, the platform Discord officially acknowledged a breach of its contractor responsible for user verification. As a result of this incident, attackers gained access to information from over 70,000 individuals, including their document photos. Government initiatives, according to critics, do not inspire greater trust.
Thus, the European Union's age verification app was reportedly hacked by researchers in just a few minutes. The logic is simple: the more valuable information is concentrated in one place, the more attractive a target it becomes for hacking attacks. Moreover, we are not talking about easily replaceable passwords but about documents and biometric data that cannot simply be changed after a leak.
Hidden Motives of Platforms and the Expansion of Control
Andy Yen also points out another facet of the problem – the hidden interests of large tech platforms. He believes that some companies support age verification not only out of genuine concern for user safety. Transferring control to the level of the entire network or directly to devices relieves services of part of the responsibility for the content they host, allowing them to maintain their profitable advertising models.
There are already active discussions about having operating systems, such as Apple and Google, conduct age verification. In the UK, Apple has already implemented similar mechanisms, provoking sharp criticism from privacy advocates. However, the risks are not limited to just age restrictions.
If the system can block access based on one parameter, expanding the list of criteria will be easy. These same mechanisms could be used to filter content based on country of residence, social status, or any other characteristics. In such a model, anonymity completely disappears, significantly complicating the work of journalists, activists, and anyone in need of secure communication.
The Path to Safe Verification and the Root of the Problem
Nevertheless, Andy Yen considers a complete rejection of verification an unrealistic scenario. Therefore, in his view, the system must be built entirely differently. Verification should occur directly on the user's device, excluding the transmission of documents to remote servers.
Biometric data should only be used for instant verification followed by immediate deletion. Ultimately, the system should provide only one answer – whether the user has reached the required age – without any link to their identity. The transmission of this answer should occur using end-to-end encryption.
The source code of such solutions, according to Yen, must be open so that anyone can verify the transparency and security of the mechanism. The principle here is extremely clear: the safest data is that which was never collected at all. If a database does not exist, it cannot be hacked, transferred to third parties, or misused.
Furthermore, the main source of threats to children and adults online lies not in the lack of checks but in a business model focused on advertising and user attention retention. Platforms profit by encouraging users to spend as much time online as possible and actively tailor content to these interests. Until this fundamental model changes, any technical barriers will only act partially, failing to address the root of the problem.
