Tag: digital id

The FCC Wants Your ID Before You Get a Phone Number

The era of the anonymous phone number could be ending. On April 30, the Federal Communications Commission unanimously approved a proposal requiring telecom providers to verify customers’ identities before activating service.

Government-issued ID, physical address, legal name, and existing phone numbers would all be included. The stated goal is stopping robocalls. The result would be an identity-verification regime covering one of the last semi-anonymous communication tools available to ordinary Americans.

The proposal applies to nearly every voice provider in the country, from traditional carriers and mobile operators to VoIP services. The FCC is seeking public comment on specifics, but the direction is clear.

FCC Chairman Brendan Carr framed it around negligent carriers. “As we have continued to investigate the problem of illegal robocalls over the last year, it has become clear that some originating providers are not doing enough to vet their customers, allowing bad actors to infiltrate our U.S. phone networks,” he said. Some providers, he added, “do the bare minimum (or worse) and have become complicit in illegal robocalling schemes.”

That language targets telecom companies and the surveillance targets everyone else.

The framework borrows from banking’s anti-money-laundering rules. The FCC is also asking whether carriers should retain identity documentation for at least four years after a customer leaves and whether they should check customers against law enforcement watchlists. Penalties would shift to a per-call basis, meaning fines of $1,000 to $15,000 for every illegal call a poorly verified customer places.

The real privacy stakes sit in the proposal’s section on prepaid service. Right now, you can pay cash for a prepaid phone and SIM card without showing identification. Journalists use prepaid phones to protect sources, domestic violence survivors use them to avoid being traced, and whistleblowers, activists, or anyone with a reason to separate phone activity from legal identity relies on this.

Keep reading

Age Verification Psyop? Kids Bypass Government Tech With FAKE MOUSTACHES

The UK government’s much-hyped age verification system for social media has been reduced to a joke overnight – and the punchline is being delivered by schoolkids armed with makeup pencils and fake facial hair.

A damning new report from Internet Matters reveals that more than a third of UK children have already figured out how to dodge the latest “safeguards” imposed under the draconian Online Safety Act.

Methods include entering fake birthdays, borrowing logins, and – most hilariously – drawing on fake moustaches to fool facial age estimation tech. One parent admitted catching her son using an eyebrow pencil; the system promptly verified him.

This comes as ministers double down on plans to restrict or outright ban social media access for under-16s. Just days ago, Education Secretary Bridget Phillipson and junior minister Olivia Bailey confirmed the government will impose “some form of age or functionality restrictions” regardless of whether a full ban is enacted.

A national consultation on the policy closes later this month, with pilots already running in hundreds of homes testing bans, time limits, and digital curfews.

But the farce unfolding in real time shows exactly why these measures were always doomed to fail – or, more cynically, why they were designed to fail.

Keep reading

How a Bill Banning AI Companions for Kids Could Usher in Widespread ID Checks Online

Sen. Josh Hawley’s Guidelines for User Age-verification and Responsible Dialogue (GUARD) Act advanced out of the Senate Judiciary committee last week. “A Trojan horse for universal online ID checks,” is how Jibran Ludwig of Fight for the Future described it.

The bill would require anyone using an AI chatbot to provide proof of identity and ban minors from interacting with many sorts of AI chatbots entirely.

Unlike some social media age verification bills, it would give parents no right to opt out of the rules the federal government sets on their kids’ technology use.

The GUARD Act is co-sponsored by Sen. Richard Blumenthal (D–Conn.), who—like Hawley—has long been a champ at moral panic around technology. (Cue: Bipartisan is just another word for really bad idea…)

And while some on the Senate Judiciary Committee expressed concerns about privacy or how this could actually backfire and harm minors, those senators still voted to advance the bill. It “easily passed in committee,” notes The Hill, despite some senators’ reservations:

Sen. Alex Padilla (D-Calif.), who voted yes, said there are concerns about “potential privacy and security risks” with the age-verification component, suggesting it may need to be “fine-tuned.”

Sen. Ted Cruz (R-Texas), who supported various kids online safety bills, said he would vote yes but noted the bill needs “some revisions.”

Cruz was concerned the bill would completely ban all AI chatbots for minors, noting their potential benefits. Hawley clarified the bill does not ban all AI chatbots for minors, but rather it “prevents AI chatbots that engage with minors from pushing sexually explicit material to the minor,” or encouraging self-harm or suicide.

Keep reading

Senate Panel Backs GUARD Act, AI Age Verification Bill

The Senate Judiciary Committee voted 22-0 on Thursday to advance the GUARD Act, a bill that would require AI chatbot companies to verify the age of every American who wants to use them.

The legislation, sponsored by Senator Josh Hawley of Missouri, sailed through committee with a tweet from its author celebrating the outcome.

“My bill to stop AI from telling kids to kill themselves just passed out of committee UNANIMOUSLY,” Hawley wrote on X. “No amount of profit justifies the DESTRUCTION of our children. Time to bring this bill to the Senate floor.”

As usual, the framing is about children but the result is age verification/digital ID for everyone.

Under the bill’s text, a “reasonable age verification measure” cannot mean a checkbox or a self-entered birth date. It cannot rely on whether a user shares an IP address or hardware identifier with someone already verified as an adult.

We obtained a copy of the bill for you here.

What it can mean, the legislation makes clear, is a government ID upload, a facial scan, or a financial record tied to your legal name. Every user of every covered chatbot would need to hand one of those over before being allowed in.

The bill defines an “artificial intelligence chatbot” as any service that “produces new expressive content or responses not fully predetermined by the developer or operator” and “accepts open-ended natural-language or multimodal user input.”

That language reaches well beyond the companion apps the press conference focused on. It covers service bots, search assistants powered by AI, homework helpers, and the general-purpose tools millions of adults already use without proving who they are.

Hawley described the legislation as a “targeted, tailored effort,” telling the committee, “We’re often told that this new dawning age of artificial intelligence is going to be a great age that will strengthen families and workers. I would just say that’s a choice, not an inevitability.”

Keep reading

Roblox Loses 12M Daily Users After Age ID Check Rollout

Roblox is paying for its surveillance push on users. The platform shed 12 million daily active users between Q4 2025 and Q1 2026, dropping from 144 million globally to 132 million, with the company pinning a meaningful share of the decline on its mandatory age-verification rollout.

Revenue still climbed to $1.4 billion and year-over-year DAU growth came in at 35 percent but the sequential numbers tell the story Roblox tried to bury under positive financial framing.

The fall is steeper when measured from the peak. Roblox hit 152 million daily active users in Q3 2025, meaning roughly 20 million people have stopped showing up daily since the company began demanding facial scans and identity checks to access basic chat features. The trajectory inverted almost exactly when the age checks rolled out globally in January.

Roblox’s own language gives the game away. The company says Q1 growth was “tempered by greater-than-expected headwinds” from the age-check rollout, which “slowed new user acquisition.”

Translated out of investor-speak, fewer people want to hand over biometric data or government ID to a gaming platform than Roblox’s models predicted and existing users who haven’t verified are pulling back from a service that now treats them as second-class accounts.

The verification mechanism deserves a closer look than corporate filings tend to give it. Roblox runs facial age estimation, a system that scans users’ faces to guess how old they are and supplements that with identity verification documents.

Facial scanning of a user base that skews young, with a substantial portion under 13, means the company is processing biometric data from millions of children. Roblox says this is for safety. The system being constructed is a database of face scans tied to platform identities, retained on terms the company has not publicly defined.

Earlier this month, Roblox widened the restrictions to gate game access by age bracket and it has signaled more changes ahead. The company plans to “implement additional improvements designed to facilitate age-appropriate access to content and product features” over coming quarters, and has openly said its safety push will lower Roblox’s “expectations for topline growth in 2026.”

Full-year revenue guidance dropped to 20 to 25 percent growth, down from 22 to 26 percent. Bookings guidance was cut by nearly $1 billion. Wall Street responded by knocking the stock down a whopping 20 percent.

The verification numbers themselves point to a two-tier platform taking shape. Through the end of Q1, 51 percent of global daily active users had completed age checks, with US adoption running at 65 percent.

The other half of the user base is interacting with a degraded version of Roblox where communication is restricted, certain games are off-limits and the path back to full functionality runs through a face scan or an ID upload. It’s a tollgate and the toll is biometric data.

Keep reading

Senate Panel Backs GUARD Act, AI Age Verification Bill

The Senate Judiciary Committee voted 22-0 on Thursday to advance the GUARD Act, a bill that would require AI chatbot companies to verify the age of every American who wants to use them.

The legislation, sponsored by Senator Josh Hawley of Missouri, sailed through committee with a tweet from its author celebrating the outcome.

“My bill to stop AI from telling kids to kill themselves just passed out of committee UNANIMOUSLY,” Hawley wrote on X. “No amount of profit justifies the DESTRUCTION of our children. Time to bring this bill to the Senate floor.”

As usual, the framing is about children but the result is age verification/digital ID for everyone.

Under the bill’s text, a “reasonable age verification measure” cannot mean a checkbox or a self-entered birth date. It cannot rely on whether a user shares an IP address or hardware identifier with someone already verified as an adult.

We obtained a copy of the bill for you here.

What it can mean, the legislation makes clear, is a government ID upload, a facial scan, or a financial record tied to your legal name. Every user of every covered chatbot would need to hand one of those over before being allowed in.

The bill defines an “artificial intelligence chatbot” as any service that “produces new expressive content or responses not fully predetermined by the developer or operator” and “accepts open-ended natural-language or multimodal user input.”

That language reaches well beyond the companion apps the press conference focused on. It covers customer service bots, search assistants powered by AI, homework helpers, and the general-purpose tools millions of adults already use without proving who they are.

Keep reading

New Digital ID Bill Ties Your Identity to Your Phone—and Everything You Do Online

Republicans are once again teaming up with Democrats to ram Digital ID through at the federal level.

The bill they’ve just introduced is, if you can believe it, worse than all the others before it.

HR 8250, deceptively named the Parents Decide Act, doesn’t just force everyone to link their identity to use apps on their phones, it mandates that they must do it to use ANY operating system. That means Apple, iOS, Windows, Google, Android, even Samsung—basically everything.

And once that’s in place, there’s nowhere to step outside of it.

But one brave group is refusing to go along.

GrapheneOS has made a statement saying: GrapheneOS will remain usable by anyone around the world without requiring personal information, identification, or an account.

Glenn and Eric Meder from Privacy Academy have been working to educate people on how to escape the digital control grid, including how to put GrapheneOS on your phone—for free. And they have a solution to Digital ID right now.

Keep reading

EU Pushes Age Verification App for All States

The European Commission wants every member state running age verification by the end of 2026, and it wants them running its own app to do it. A recommendation adopted Wednesday tells the bloc’s twenty-seven governments to accelerate deployment of the EU Age Verification App and have it available to citizens before the year is out, regardless of the unease some capitals have expressed about adopting Brussels’ code over their own.

The push lands months after security researchers tore through the same app the Commission is now urging governments to ship. In April, consultant Paul Moore bypassed the app’s protections in under two minutes, demonstrating that the rate-limiting controls were stored in an editable file, biometric authentication could be turned off with a simple configuration change, and sensitive credentials were accessible without secure hardware protection.

The Commission patched the headline issues. It is now telling governments the app is ready for production.

Henna Virkkunen, the Commission’s Executive Vice-President for Tech Sovereignty, Security and Democracy, framed the recommendation as the next step toward shielding minors online. “Effective and privacy-preserving age verification is the next piece of the puzzle that we are getting closer to completing, as we work towards an online space where our children are safe and empowered to use positively and responsibly without restricting the rights of adults,” she said.

Keep reading

Apple Adds Age Verification to Digital ID in Wallet, Moves Beyond TSA Airport Checkpoints

Apple just turned on the next phase of its Digital ID rollout and the framing in the company’s support documentation is almost casual. The passport-derived credential in Apple Wallet can now be used to confirm a user is over 18 when creating an Apple Account, updating iOS, adjusting safety settings, or downloading apps rated 18+. No press release accompanied the change, by the way.

The understated rollout undersells what is actually happening. Apple, like Google, Meta, Discord, and every other consumer-facing platform of significant size, is racing to operationalize digital identity infrastructure to meet a wave of age-verification mandates landing across the US, UK, EU, and Australia.

The companies did not invent this demand; lawmakers did, but the response is arriving faster than the laws themselves, and the architecture being built right now will outlast any specific statute that prompted it.

The UK’s Online Safety Act is already forcing platforms to verify ages with documented credentials.

Discord attempted its own age-verification rollout earlier this year, paused after backlash, and has continued reworking the system. State laws in the US are moving in the same direction with Texas, Louisiana, Utah, and a growing list of others passing mandates that target app stores, social platforms, and adult content sites.

Federal proposals keep recycling similar models. The European Union is preparing its own age-verification framework. Australia has already legislated a social media ban for under-16s.

The platforms doing the verifying have a choice. They can build the credential infrastructure themselves, license it from third-party vendors who upload your passport to their servers, or hand the job to the operating system that already lives on your phone. Apple’s Digital ID, and Google’s parallel work on digital credentials in Android, are bids to be the third option. They are also bids to be the default option, because once an OS-level identity wallet exists, regulators tend to treat it as the natural place to plug in.

Keep reading

France’s ID Portal Hacked: 19 Million Records Up for Sale

French authorities have added another case study to the growing argument against centralizing citizen identity data.

France Titres, formerly known as ANTS, operates the portal where residents apply for passports, national ID cards, residence permits, driver’s licenses, and vehicle registrations.

On April 15, something broke inside that system. A week later, the Interior Ministry confirmed what anyone watching digital ID schemes has been saying about this exact architecture for years, and the scale on offer from the attacker makes the warning harder to wave away.

A threat actor using the aliases “breach3d” and “ExtaseHunters” appeared on criminal forums on April 16, claiming to have stolen between 18 and 19 million records from the agency’s internal systems.

If accurate, that is roughly a third of France’s population sitting in a for-sale listing. The seller describes the haul as a fresh, structural compromise rather than a recycled dump, and is actively shopping it.

Early French press reports, including Le Figaro, initially pegged the figure at around 12 million accounts before later estimates climbed. The government has not confirmed any number.

What the ministry has confirmed is a “security incident that may involve the disclosure of data from both individual and professional accounts.”

Login credentials, full names, email addresses, dates of birth, unique account identifiers, postal addresses, places of birth, and phone numbers may all have been extracted. That combination is a starter kit for identity fraud, synthetic identity construction, and convincing phishing attacks against people who already expect email from French government domains.

Keep reading