Legislative and Technical Approaches to Online Age Verification and VPN Restrictions
Lawmakers in several US states, including Wisconsin, are proposing legislation that would ban the use of VPNs for accessing websites with content deemed potentially harmful to minors. The proposed bill, A.B. 105/S.B. 130, mandates that such websites implement age verification systems and block users connected via VPN, significantly expanding the definition of restricted materials to include broad discussions of human anatomy, sexuality, and reproduction. Privacy advocates have raised concerns that these measures threaten user privacy and could have far-reaching implications for internet freedom and access.
In parallel, technical solutions for age verification, such as those implemented by platforms like Snapchat, are being scrutinized for their effectiveness and privacy implications. Current methods, including facial scans and editable birth dates, have proven unreliable, often allowing underage users to bypass restrictions while potentially excluding legitimate users. The debate highlights the challenges of balancing child protection with privacy rights, as both legislative and technical measures face criticism for their potential to overreach and create new security and privacy risks.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Third-party test reportedly bypasses Snapchat facial age check
According to the report relayed by Troy Hunt, someone well under 16 was able to pass Snapchat's facial age-verification scan, raising doubts about whether the control would be considered a reasonable safeguard. The post presented this as a single anecdotal data point rather than broad evidence of systemic failure.
Snapchat age-verification flow observed allowing DOB changes and facial scan
A Snapchat age-verification flow was observed in which a user marked as under 16 could change their date of birth and then complete a facial scan for verification. The report described this as a privacy-preserving age check intended to enforce age restrictions.
Australia advances social media age-checking for under-16s
Australia's proposed or ongoing social media ban for users under 16 was accompanied by guidance from the eSafety Commissioner, framing the push for age-verification controls on platforms. The references do not provide a specific implementation date for the policy development.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Debate Over Kids Online Safety Act and Age-Verification Requirements for Minors
Policymakers in multiple jurisdictions are advancing **child online safety** rules that would restrict minors’ access to social media, “addictive” product features, and certain content (including pornography), increasing pressure on platforms to implement **age assurance/age verification** to determine users’ ages before allowing access. The Lawfare analysis highlights that while protecting children online is a widely shared goal, enforcing age-based restrictions at scale effectively requires collecting and validating age signals for *all* users—raising significant implementation, privacy, and governance challenges as governments consider measures such as the **Kids Online Safety Act (KOSA)**, the **Kids Off Social Media Act**, and the **App Store Accountability Act**.
Jun 23, 2026
Government Pushes for Age Verification and Content Controls on Digital Platforms
The UK government is urging major technology companies such as Apple and Google to implement nudity-blocking systems on mobile devices, aiming to protect minors by requiring adult users to verify their age before accessing or sharing explicit images. This initiative, which currently stops short of a legal mandate, would leverage nudity-detection algorithms at the operating system level and could be expanded to desktop platforms in the future. The proposed measures would also require child sex offenders to keep such blockers enabled, reflecting a broader governmental effort to enforce age-appropriate content controls across digital ecosystems. Simultaneously, experts are raising concerns about the effectiveness of current age verification technologies, particularly those relying on consumer-grade cameras and AI-powered facial recognition. Research highlights that these systems may provide a false sense of security, as they are susceptible to spoofing and may not reliably authenticate minors. The debate underscores the technical and policy challenges in balancing child safety, privacy, and the practical limitations of available authentication methods on popular platforms like Roblox and other social media or gaming services.
Mar 21, 2026
Consumer Attitudes and Regulatory Shifts in Online Data Privacy and Age Verification
Recent research highlights that a majority of consumers believe they are primarily responsible for their own data privacy, with 67% of survey respondents indicating personal agency as the main factor in protecting their information. Despite this, consumers expect technology companies and regulatory agencies to support privacy through transparent systems and informed consent. However, practical decisions, such as choosing between free, ad-supported services and paid, privacy-focused alternatives, reveal that cost remains a significant factor in user choices, often outweighing privacy concerns. Simultaneously, 2025 saw the widespread implementation of online age verification requirements across Europe and the US, particularly for adult content and other regulated sites. These measures, intended to protect minors, have resulted in increased use of ID checks, geo-blocking, and VPN circumvention, raising new privacy and usability challenges. The tension between safety and privacy is evident, as most age verification methods require users to submit sensitive personal data, increasing the risk of exposure in the event of a breach. Regulators continue to push for stronger identity verification, but the practical impact has been confusion and restricted access for many users.
Mar 21, 2026