Another Analysis Concludes That Age Verification Doesn’t Work

Age verification has long been a broken technology and now, there is even more evidence concluding that it doesn’t work.

Age verification being a broken technology is not exactly news, this has been the reality for years now. Yet, for supporters of these laws, the argument for the broken technology is that you have to set aside the facts and reality of the situation and just believe hard enough. All you need is faith that at some point, someone will nerd harder, fix the broken technology, and thinking if the children will somehow magically solve all the problems by itself. It’s extremely unconvincing, yet, here we are.

Recently, an analysis out of Australia has made the natural conclusion that age verification is a broken technology that doesn’t work. This while also running a buzz saw through people’s personal privacy and security in the process. From Quadrant:

One good thing, though, is they published their data, even if they were not clear about their methods. So, we at FSU spent a week reanalysing some of it to see if their results were true.

We’ve made a full technical report that anyone can read and review. We learned what we expected: age assurance does not work, especially the much-touted age estimation. This perhaps isn’t surprising when one considers the amateur backgrounds of many of those involved in running the trial. One work package — ethics – was overseen by a recent Classics graduate whose ‘research experience’ was working in policy for the UK’s OFCOM – Australia’s equivalent of ACMA and eSafety. Another had a degree in Equine Studies. Another trial leader AAATT asserted is an ‘eminent specialist scientist’ despite very few research publications in recognised venues. The result was a report that read like a sales brochure, not a genuine scientific document.

Ouch, not exactly off to a good start for one of a number of governments pushing these laws, but hey, at least the findings was published so a proper analysis could be found. So, they were able to offer some findings. That includes this:

Hidden away on the trial website were the individual test reports for each system. Here’s a screen shot of one of them. For the systems that were recommended as being workable today – i.e. that tech companies should deploy, the results include!

♦ Yoti: Based on the school testing, allows (at least) 30% of 13-year-olds and 56.4% of 15-year-olds to access age-gated content. (see: https://freespeechunion.au/AAATTReview/(see: https://ageassurance.com.au/wp-content/uploads/2025/08/IndividualTestReport-YOTI_AE.pdf)

♦ Luciditi: Based on the school testing, allows for (at least) 45% of 10-year-olds and 70% of 15-year-olds to access age-gated content. (see: https://ageassurance.com.au/wp-content/uploads/2025/08/IndividualTestReport-Arissian_AE.pdf)

♦ VerifyMy: Based on the school testing, allows for (at least) 30% of 13-year-olds and 68% of 15-year-olds to access age-gated content. Tthere were only four samples below the age of 13, so the performance could be worse. (see: https://ageassurance.com.au/wp-content/uploads/2025/08/IndividualTestReport-VerifyMy_AE-1.pdf)

♦ Unissey: Based on the school testing, allows for (at least) 34% of 12-year-olds and 84% of 15-year-olds to access age-gated content. (see: https://ageassurance.com.au/wp-content/uploads/2025/08/IndividualTestReport-Unissey_AE.pdf)

♦ Privately. Based on the school testing, allows (at least) 43% of 10-year-olds and 87% of 15 years to access age-gated content. Despite this, the Age Assurance Trial Website says in its ‘summary of results’ that it is a ‘strong example of a privacy-preserving, operationally ready technology that eliminates the need for identity documents or server infrastructure’. (see: https://ageassurance.com.au/wp-content/uploads/2025/08/IndividualTestReport-Privately_AE.pdf)

These findings aren’t really anything new. It has been a well known problem that the closer to the target age you are, the more likely the age verification is very wrong. The thing is, supporters of age verification often push the talking point that things have improved since then and that you just have to trust that the companies have solved all of those problems. The above findings show that that is not really the case and no amount of presenting press releases that doubles as a sales pitch is going to change that.

The analysis found that age verification systems are particularly inaccurate when it comes to people of colour. The analysis pointed specifically to first nations as being particularly problematic:

So we took those out and re-ran the analysis, including for two providers that were recommended (the providers were supposed to be anonymised, but we found a way to identify them). The systems didn’t work.

The most striking case is Privately, which would wrongly allow 84% of the tested First Nations people under 16 through the age-gate, whilst Yoti allowed 48% through. The overall average case with all available data allowed 59.5% of under 16’s through the age gate.

The underlying issue is that existing systems tend to considerably overestimate the age of “First Nations”, even on the synthetic data. When we looked at the real-world data, we found that some systems routinely make gross overestimates of the age of First Nations people — in extremis including cases such as a 15-year-old that one system marked as being 62.83 years old, and another 15-year-old that a different provider labelled as being 57 years old.

Another finding was that the government study refused to do anything other than taking the vendors word for it when it comes to privacy and security. Since the governments goal is to push this technology and damn the consequences, this isn’t really surprising. After all, other sources, such as French regulator, CNIL, concluded that the technology does not adequately protect people’s privacy while trying to be sufficiently accurate. These findings were backed up by at least two separate studies. Of course, the proof is in the pudding and going beyond the research and watching things play out in the wild can prove to be the ultimate test. For that, we’ve seen these systems out in the wild suffer from leaks, breaches, and hacks. In fact, AgeGO was recently busted tracking people’s online movements while claiming to be “double blind”. So, the real world pretty much backs up the findings by researchers on that front. So, from the Australian government, it’s no wonder that they refuse to do an actual proper security and privacy assessment and, instead, opt to just take the companies word for it. After all, those companies paid good money to bribe lobby the government.

Another finding was that the systems were far from frictionless with a number of respondents saying that the systems in place were difficult to use. This wasn’t an angle we ended up covering here, but it’s actually a great point to raise given how often politicians sell these schemes as easy to use.

The analysis found that the research conducted by the government fell short of basic research standards with unqualified people running the study with no real independent oversight. Because it was self-appointed people running the show, it was anything but independent.

The analysis’ conclusion?

The legislation around age verification requires ‘reasonable steps’ to be taken. The premise was that age estimation worked, so the more intrusive methods would not have to be deployed. But none of the so-called estimation methods work effectively, and there is no evidence that they comply with privacy obligations. They also appear to unlawfully discriminate in the experience they offer certain groups (many of whom the trial did not trouble to properly evaluate, such as disabled people).

The analysis adds to the ever expanding body of evidence that age verification is a broken technology. We’ve seen people respond to age verification technology deployments by flocking to non-compliant websites. This is something we’ve seen more than once.

What’s more, we’ve seen age verification be subject to censorship creep. We’ve seen this over and over and over again. In fact, it’s a trend that doesn’t appear to be slowing down any time soon.

If anything, we can toss this latest chunk of evidence over to the already large pile of evidence concluding that age verification doesn’t work. I’d like to think that government’s will finally start following the evidence and use that evidence to make policy decisions moving forward, but given what we’ve seen in the past already, that appears to be unlikely given how much government has abandoned evidence-based policy making.

Drew Wilson on Mastodon, Twitter and Facebook.