Will we soon need a biometric key to access the internet?

It is more than obvious that we are entering an era of mandatory age verification that all users of digital services will have to face. While the intentions of lawmakers are noble, wanting to protect minors from harmful content, addictive algorithms and online exploitation, beneath the surface lies a veritable labyrinth that will forever change our user experience and understanding of privacy.

The Darkness Over Digital Anonymity

In the past, online child protection was limited to simple windows where you had to click to confirm that you were over 18, which of course never really worked and served only as a legal protection for website owners. Today, we are witnessing a shift towards strict age verification based on factual and verifiable data, which marks the end of the era in which we could appear online without an identity. This transition is not only technical, but also represents a fundamental shift in the social contract between the user and the service provider, where the ticket to the digital world is paid for by revealing the most personal data. Every click on content that could be marked as sensitive will in the future trigger a chain of digital confirmations that will leave indelible traces of our habits and interests.

From the European Digital Services Act to the British strict school

The central pillar of these changes in Europe has a Digital Services Act, which sets new rules for everyone operating in the single market. While this act does not directly prescribe a single verification method, it requires large platforms such as Meta, TikTok and Google to provide an extremely high level of security for minors, which in practice means that platforms must know exactly who is sitting on the other side of the screen. If a platform cannot reliably know who is a minor, it simply cannot meet its legal requirements to limit targeted advertising and profiling of young users.

However, the wave does not stop at the European Union, as the United Kingdom sets even stricter standards with its Online Safety Act, requiring companies to prevent access to inappropriate content under threat of astronomical fines of up to 10 % of their global annual turnover.

Chat Control: Invisible control over private messages

Alongside age verification, an even more controversial battle is taking place at the heart of European politics, known as Chat Control, which represents a direct attack on the privacy of our correspondence. This legislative initiative envisages mandatory scanning of private messages on platforms such as WhatsApp, Signal and Messenger, in order to detect material depicting child sexual abuse. Critics and cryptography experts warn that such a measure practically means the end of end-to-end encryption, as service providers would have to build backdoors or content control systems directly into our devices. Although proponents argue that it is an essential tool in the fight against the most serious crimes, such technology would create an infrastructure for mass surveillance that could easily be abused for political purposes or industrial espionage.

The introduction of the Chat Control system would mean that your private communication is no longer truly private, as artificial intelligence algorithms would constantly analyze every photo and every word you send to your loved ones.

Microsoft is not immune to change, nor is the open source Linux system.

Microsoft and all the other major players have already started preparing their infrastructure for these radical changes, and their strategy is based on the concept of security by design. Microsoft plans to integrate age verification directly into the Microsoft account, which will act as a central hub for all their services, from the Xbox gaming platform to the Windows operating system.

In the future, when you want to install an app or access a website that requires age verification, your operating system will automatically provide a secure proof of your age, without having to re-enter your personal information or scan documents every time. The company is also refining its Windows Hello technology, which could use infrared cameras in your laptop to perform biometric facial analysis and instantly determine your age group, making verification nearly invisible yet ubiquitous.

It is very interesting to see how the open source world, especially the Linux operating system, is responding to these pressures, especially with some rather dramatic news recently. There have been rumors that age verification will be built directly into the Linux kernel, which has caused quite a stir among privacy advocates, but closer analysis of expert reports has shown that these claims are currently greatly exaggerated. Linux, as a project based on freedom and openness, has no central authority that could impose such a feature on all users, and the discussions really revolve around some system components that could support digital identities in the future for those users who would like it.

This means that Linux could remain one of the last strongholds where the user will have complete control over their privacy, although online services themselves may block access to those who are unwilling or unable to confirm their data in the manner required by law.

How will we verify our age?

The technology that enables this type of verification is evolving at lightning speed and includes a variety of approaches, ranging from biometrics to complex cryptographic solutions. Biometric age assessment uses artificial intelligence to analyze the depth of wrinkles, skin texture, and other features of your face via a camera, a method that does not require personal documents but carries risks of algorithmic bias and privacy invasion. Another approach is digital identities and wallets, which are being planned by the European Union through the project eIDAS 2.0, where your phone will store a digital version of your ID card and, when requested for verification, will only provide a cryptographic certificate that you meet the age requirement.

Traditional methods are still in play, such as verification via bank cards or using specialized third-party identity providers (Persona, Yoti, Veriff, etc.), which act as intermediaries between you and the website to prevent your data from being directly shared with online content providers.

Countries that have already crossed the threshold of anonymity

The UK is already putting pressure on regulators with its new law, while France has been waging an intense battle for mandatory age verification on adult content sites for years. In the US, states such as Texas, Utah and Louisiana have already introduced strict laws that have led some of the biggest websites (such as PornHub) to simply block access to all residents of those states rather than risk legal repercussions or costly system implementations.

Australia is currently testing a comprehensive plan that would include age verification for access to all social networks, which would mean a radical change in digital life for younger generations.

The question that many parents and educators in Slovenia are asking themselves is whether we will follow the example of countries like Australia. Although Slovenia currently does not have legislation that would provide for such a radical cut, discussions in the circles of the Ministry of Digital Transformation and the Ministry of Education and Training are increasingly revolving around stricter restrictions. The current Slovenian regulation, in accordance with the Personal Data Protection Act, sets the age of consent at fifteen, but under the influence of European trends and increasing problems with the mental health of young people, the ground is being prepared for possible stricter measures. It is not excluded that Slovenia would in the future introduce mandatory parental consent through the SI-PASS system for all minors who want to create profiles on platforms such as TikTok, Instagram or Snapchat.

Do we sacrifice the freedom of everyone else for the safety of one group?

To protect children, we require all adult users to identify themselves, which creates huge and dangerous databases of who visits which websites and what their personal interests are. Although providers of these services persistently claim that they do not store data and that they use state-of-the-art encryption, the history of cyberattacks teaches us that no digital fortress is completely impregnable. And that the words of the largest companies are often misleading, which the public may only discover years later, when the damage has already been done.

If an age verification provider's database were to be compromised, attackers could gain access to a direct link between your identity and your most intimate online habits, opening the door to extortion and abuse of unimaginable proportions.

In addition, we should not forget the role of virtual private networks, or VPNs, which have become a regular part of every tech-savvy individual's portfolio and allow them to easily bypass local restrictions. Many teenagers today know how to change their virtual location to a country where age verification is not mandatory with a simple app, which calls into question the actual effectiveness of all the expensive and complex legislation. Laws written by politicians often do not understand the digital world, which knows no physical borders, and instead of creating a safer environment, we could end up encouraging young users to use less secure and completely unregulated parts of the internet.

Biometric face as a universal passport

It is abundantly clear that the era of digital anonymity is irrevocably coming to an end and that we are entering an era of total traceability. In the next few years, age verification will become as self-evident and routine as typing in a password or using a fingerprint to unlock your smartphone is today. However, as a society, we must remain vigilant and strongly demand that these systems are decentralized, inclusive of the less tech-savvy, and above all, secure, because privacy should not be sacrificed on the altar of security without careful consideration. The internet may indeed become a safer place for our children, but the price we adults will pay for this will be the loss of that sliver of freedom that allowed us to anonymously explore the digital expanse without constant surveillance.

Only time will tell whether this sacrifice is truly worth the end result, but until then, we must all prepare ourselves for a world where our face will become our only digital passport to enter the internet.