One of the most common refrains we hear from age verification proponents is that online ID checks are nothing new. After all, you show your ID at bars and liquor stores all the time, right? And it’s true that many places age-restrict access in-person to various goods and services, such as tobacco, alcohol, firearms, lottery tickets, and even tattoos and body piercings.

But this comparison falls apart under scrutiny. There are fundamental differences between flashing your ID to a bartender and uploading government documents or biometric data to websites and third-party verification companies. Online age-gating is more invasive, affects far more people, and poses serious risks to privacy, security, and free speech that simply don’t exist when you buy a six-pack at the corner store.

Online age verification burdens many more people.

Online age restrictions are imposed on many, many more users than in-person ID checks. Because of the sheer scale of the internet, regulations affecting online content sweep in an enormous number of adults and youth alike, forcing them to disclose sensitive personal data just to access lawful speech, information, and services. 

Additionally, age restrictions in the physical world affect only a limited number of transactions: those involving a narrow set of age-restricted products or services. Typically this entails a bounded interaction about one specific purchase.

Online age verification laws, on the other hand, target a broad range of internet activities and general purpose platforms and services, including social media sites and app stores. And these laws don’t just wall off specific content deemed harmful to minors (like a bookstore would); they age-gate access to websites wholesale. This is akin to requiring ID every time a customer walks into a convenience store, regardless of whether they want to buy candy or alcohol.

There are significant privacy and security risks that don’t exist offline.

In offline, in-person scenarios, a customer typically provides their physical ID to a cashier or clerk directly. Oftentimes, customers need only flash their ID for a quick visual check, and no personal information is uploaded to the internet, transferred to a third-party vendor, or stored. Online age-gating, on the other hand, forces users to upload—not just momentarily display—sensitive personal information to a website in order to gain access to age-restricted content. 

This creates a cascade of privacy and security problems that don’t exist in the physical world. Once sensitive information like a government-issued ID is uploaded to a website or third-party service, there is no guarantee it will be handled securely. You have no direct control over who receives and stores your personal data, where it is sent, or how it may be accessed, used, or leaked outside the immediate verification process. 

Data submitted online rarely just stays between you and one other party. All online data is transmitted through a host of third-party intermediaries, and almost all websites and services also host a network of dozens of private, third-party trackers managed by data brokers, advertisers, and other companies that are constantly collecting data about your browsing activity. The data is shared with or sold to additional third parties and used to target behavioral advertisements. Age verification tools also often rely on third parties just to complete a transaction: a single instance of ID verification might involve two or three different third-party partners, and age estimation services often work directly with data brokers to offer a complete product. Users’ personal identifying data then circulates among these partners. 

All of this increases the likelihood that your data will leak or be misused. Unfortunately, data breaches are an endemic part of modern life, and the sensitive, often immutable, personal data required for age verification is just as susceptible to being breached as any other online data. Age verification companies can be—and already have been—hacked. Once that personal data gets into the wrong hands, victims are vulnerable to targeted attacks both online and off, including fraud and identity theft.

Troublingly, many age verification laws don’t even protect user security by providing a private right of action to sue a company if personal data is breached or misused. This leaves you without a direct remedy should something bad happen. 

Some proponents claim that age estimation is a privacy-preserving alternative to ID-based verification. But age estimation tools still require biometric data collection, often demanding users submit a photo or video of their face to access a site. And again, once submitted, there’s no way for you to verify how that data is processed or stored. Requiring face scans also normalizes pervasive biometric surveillance and creates infrastructure that could easily be repurposed for more invasive tracking. Once we’ve accepted that accessing lawful speech requires submitting our faces for scanning, we’ve crossed a threshold that’s difficult to walk back.

Online age verification creates even bigger barriers to access.

Online age gates create more substantial access barriers than in-person ID checks do. For those concerned about privacy and security, there is no online analog to a quick visual check of your physical ID. Users may be justifiably discouraged from accessing age-gated websites if doing so means uploading personal data and creating a potentially lasting record of their visit to that site.

Given these risks, age verification also imposes barriers to remaining anonymous that don’t typically exist in-person. Anonymity can be essential for those wishing to access sensitive, personal, or stigmatized content online. And users have a right to anonymity, which is “an aspect of the freedom of speech protected by the First Amendment.” Even if a law requires data deletion, users must still be confident that every website and online service with access to their data will, in fact, delete it—something that is in no way guaranteed.

In-person ID checks are additionally less likely to wrongfully exclude people due to errors. Online systems that rely on facial scans are often incorrect, especially when applied to users near the legal age of adulthood. These tools are also less accurate for people with Black, Asian, Indigenous, and Southeast Asian backgrounds, for users with disabilities, and for transgender individuals. This leads to discriminatory outcomes and exacerbates harm to already marginalized communities. And while in-person shoppers can speak with a store clerk if issues arise, these online systems often rely on AI models, leaving users who are incorrectly flagged as minors with little recourse to challenge the decision.

In-person interactions may also be less burdensome for adults who don’t have up-to-date ID. An older adult who forgets their ID at home or lacks current identification is not likely to face the same difficulty accessing material in a physical store, since there are usually distinguishing physical differences between young adults and those older than 35. A visual check is often enough. This matters, as a significant portion of the U.S. population does not have access to up-to-date government-issued IDs. This disproportionately affects Black Americans, Hispanic Americans, immigrants, and individuals with disabilities, who are less likely to possess the necessary identification.

We’re talking about First Amendment-protected speech.

It’s important not to lose sight of what’s at stake here. The good or service age gated by these laws isn’t alcohol or cigarettes—it’s First Amendment-protected speech. Whether the target is social media platforms or any other online forum for expression, age verification blocks access to constitutionally-protected content. 

Access to many of these online services is also necessary to participate in the modern economy. While those without ID may function just fine without being able to purchase luxury products like alcohol or tobacco, requiring ID to participate in basic communication technology significantly hinders people’s ability to engage in economic and social life.

This is why it’s wrong to claim online age verification is equivalent to showing ID at a bar or store. This argument handwaves away genuine harms to privacy and security, dismisses barriers to access that will lock millions out of online spaces, and ignores how these systems threaten free expression. Ignoring these threats won’t protect children, but it will compromise our rights and safety.

Republished from the EFF’s Deeplinks blog.

This particularly cursed holiday week kicked off in earnest last night when my father turned his iPad in my direction. On its screen was a terribly disturbing post on X containing two images. In the first, Jeffrey Epstein was hugging and kissing a little girl. In the second, that girl was bound and gagged on a bed.

Dad was rightly outraged and disgusted. He asked me if I’d seen the photos in my time going through the Epstein files. I immediately recognized the first image of Epstein and deduced that it had been Photoshopped from a widely distributed photo of Epstein hugging Ghislaine Maxwell. The second image seemed to be an AI rendering. (To add to the confusion, images reportedly do exist of Epstein cuddling children.) I let him know that the imagery was fake, and a distinctly non-yuletidy conversation ensued. Yes, Epstein was a heinous pedophile and convicted sex offender. Also, the internet is awash in fake, traumatizing slop that’s being used to score points in an ongoing information war. Happy holidays!

Early this morning, the Department of Justice released nearly 30,000 documents related to its investigations into Epstein. A previous batch was released late last Friday afternoon, as mandated by Congress, and was notable for its thorough redactions, its overall lack of material related to President Donald Trump, and the fact that it was incomplete. This latest batch contains far more mentions of Trump, leading the DOJ to issue a defensive-sounding, partisan, and frankly unprofessional post on X: “Some of these documents contain untrue and sensationalist claims made against President Trump that were submitted to the FBI right before the 2020 election. To be clear: the claims are unfounded and false, and if they had a shred of credibility, they certainly would have been weaponized against President Trump already.”

As I looked through the documents myself, I realized that many mentions of Trump in this batch come from news stories or documents referencing publicly available information about the president. For example, a random email in the archive includes a link to a story headlined “Trump: Kushner’s Security Clearance Is Up to Kelly.”

But there are some new, salacious-seeming details. Take, for instance, a 2020 email from an unidentified federal prosecutor alerting an unknown recipient that Trump had taken more trips on Epstein’s plane than was previously realized. There are at least two unvetted forms submitted in 2020 to the FBI’s National Threat Operations Center tip line that mention Trump’s name in conjunction with alarming and unproven allegations, including rape and paying for sex.

The White House did not respond to a request for comment about these new documents and allegations, and instead referred me to posts on X by the DOJ; Trump has previously denied any wrongdoing and has downplayed his past relationship with Epstein.

Another shocking revelation is a copy of a letter allegedly written by Epstein to Larry Nassar, a former U.S.-gymnastics-team doctor who was convicted of possessing child pornography, among other crimes, and who used his position to sexually abuse hundreds of women and girls. The letter was postmarked three days after Epstein’s death, in 2019, and makes a reference to suicide. “As you know by now, I have taken the ‘short route’ home,” the letter, which appears to have been signed by Epstein, reads. “Good luck! We shared one thing … our love & caring for young ladies and the hope they’d reach their full potential.” The letter continues: “Our president also shares our love of young, nubile girls. When a young beauty walked by he loved to ‘grab snatch,’ whereas we ended up snatching grub in the mess halls of the system.” The existence of a letter sent by Epstein to Nassar had been previously reported by the Associated Press, but the contents had not been; earlier today, the DOJ posted on X that it had concluded that the Nasser letter was fake, which “serves as a reminder that just because a document is released by the Department of Justice does not make the allegations or claims within the document factual.”

These details alone are a lot to take in. That they are just a few needles of newsworthy information in a PDF haystack is dizzying. Blearily tabbing through the files at random this morning, I came across screenshots of what appear to be emails between prosecutors in Epstein’s 2008 sex-crimes case, which resulted in Epstein getting a cushy plea deal (almost all of the names in the email are redacted). I can think of no reason that the names of those who afforded him such an arrangement shouldn’t be made public. In one of the emails, from late May of that year, one person mentions an unnamed person, presumably Epstein, spending only 90 days in jail. “Please tell me you are joking,” the other replies. “Maybe we should throw him a party and tell him we are sorry to have bothered him.” Such emails, although redaction-heavy, are the kind of information that journalists and investigators have longed for—they shed partial light on the government’s leniency in the case. Still, the release is piecemeal and difficult to comb through; as a result, it paints an unclear picture.

As is often the case online, the messy, public release has at times led to more confusion than clarity. On X this morning, I came across a viral post containing a screenshot of one of the FBI tips from the files that alleges that Trump and Epstein raped a woman. “Now we’re starting to see why Trump was hiding the Epstein files, and it probably gets much worse,” the post reads. Digging through the files, I’ve confirmed that the document is real, but the post—which currently has several million views—lacks crucial context. The allegations are not part of a court document or witness testimony; they’re transcribed from a 2020 call to the FBI tip line, and totally unconfirmed.

This is a sterling example of the informational chaos here. A disturbing, salacious tip, the credibility of which is completely unknown, printed on an official FBI form: It’s perfect fodder for screenshots, reposts, and accusations. The “information” looks terrible for Trump, but it’s presented without any burden of proof. That the DOJ would release something so potentially incendiary but redact other information, such as the names of government lawyers, only adds to the confusion.

The Epstein scandal has consumed Washington and dogged Trump’s second term, and the release of these latest files is textbook news dump: a massive tranche of individual image files and PDFs, collected with few discernible organizing details, dropped online just before the Christmas holiday. Deputy Attorney General Todd Blanche said on Sunday that the partial, phased release is being done in part to protect victims. Although that could be the case, the drip-drop release has the added effect of being frustrating and overwhelming, stringing everyone along during a moment when fewer people are likely to be paying attention.

Ironically, the nature of the release also means that the story will not die. Today’s release has only fanned the flames of the conspiracy. It also fragments an important news story such that it becomes hard to get a good sense of where things stand. In one interpretation, it might feel like the walls are closing in for Trump and the White House, where an avalanche of anecdotal evidence—the infamous 50th-birthday-book release in September, a trove of emails in November that mention Trump and his onetime adviser Steve Bannon, last Friday’s release, today’s—is piling up. But seen another way, this release is also optimally confusing, muddying the waters with as-yet-unverified information that’s being disseminated via individual screenshots on social media, making the whole thing easier to dismiss.

[Read: You really need to see Epstein’s birthday book for yourself]

There’s a secondary effect for those of us watching, which is that of being trapped in some kind of Epstein holiday purgatory. Family gatherings and Honey Baked Hams are colliding with the slow-burn proliferation of crime-scene evidence related to an alleged prolific sex trafficker who appears to have been close friends with the current president of the United States. Those following the Epstein saga closely are stuck waiting for the next shoe to drop; those with more normal news-consumption habits or who may wish to ignore the sordid affair may be forced to acknowledge it as nauseating details barge into their life while they scroll, channel surf, or talk with a politics-obsessed uncle at the dinner table.

This would be a small price to pay, if any true accountability were to come from this process. But much of the context of the Epstein files is that they are being released by a DOJ that, as my colleague David A. Graham wrote yesterday, has gone to great lengths to politicize itself in the second Trump administration. As Graham notes, the entire Epstein ordeal is a showcase of “compounding failures” by the federal government, from its slowness to act on tips about Epstein many years ago, to the plea deal in 2008, to this administration’s questioning of Epstein’s associate Ghislaine Maxwell and her move to a minimum-security prison this past summer. And then there is what the files continue to confirm: a moral rot in some of the wealthiest and most powerful people in the world. Combine these things, and the files are a recipe for inspiring potent distrust and resentment.

Those of us paying attention are, for now, stuck—bombarded with enough troubling information and allegations to assume the worst about this conspiracy, but also possessing enough earned cynicism and suspicion to assume that little will change.

On Wednesday, Micron Technology announced it will exit the consumer RAM business in 2026, ending 29 years of selling RAM and SSDs to PC builders and enthusiasts under the Crucial brand. The company cited heavy demand from AI data centers as the reason for abandoning its consumer brand, a move that will remove one of the most recognizable names in the do-it-yourself PC upgrade market.

“The AI-driven growth in the data center has led to a surge in demand for memory and storage,” Sumit Sadana, EVP and chief business officer at Micron Technology, said in a statement. “Micron has made the difficult decision to exit the Crucial consumer business in order to improve supply and support for our larger, strategic customers in faster-growing segments.”

Micron said it will continue shipping Crucial consumer products through the end of its fiscal second quarter in February 2026 and will honor warranties on existing products. The company will continue selling Micron-branded enterprise products to commercial customers and plans to redeploy affected employees to other positions within the company.

Read full article

Comments

Supreme Court justices expressed numerous concerns today in a case that could determine whether Internet service providers must terminate the accounts of broadband users accused of copyright infringement. Oral arguments were held in the case between cable Internet provider Cox Communications and record labels led by Sony.

Some justices were skeptical of arguments that ISPs should have no legal obligation under the Digital Millennium Copyright Act (DMCA) to terminate an account when a user’s IP address has been repeatedly flagged for downloading pirated music. But justices also seemed hesitant to rule in favor of record labels, with some of the debate focusing on how ISPs should handle large accounts like universities where there could be tens of thousands of users.

Justice Sonia Sotomayor chided Cox for not doing more to fight infringement.

Read full article

Comments