Editor's Note: Please welcome Technology Columnist Leah Grossman to Opinion.
Leah Grossman (she/they) writes Move Fast, Break Things, a column about how technology and the politics surrounding it affect our lives. They are a third-year student studying Astronomy. Her email is l.grossman@ubyssey.ca.
Age verification is quickly spreading around the world — and the internet. The U.K. Online Safety Act 2023 requires platforms to verify users' ages in order to prohibit children from accessing adult or harmful content. Australia’s Online Safety Amendment (Social Media Minimum Age) Act requires social media companies to “take reasonable steps” to block children from having accounts on their platforms. Many US states have similar bills in various stages of the legislative process, some of which have already passed and some of which are currently being challenged in courts. Here in Canada, the Liberal party recently adopted official policy positions supporting age verification for social media and AI tools. Some companies, such as Roblox and Discord, have announced that they will be rolling out age verification globally.
These regulations ostensibly protect children. In reality, they strip people of anonymity, give governments more power to censor speech, further push already commonplace invasions of personal privacy and open the door to massive data breaches.
Anonymity enables people to post dissenting political opinions and empowers whistleblowers to expose corruption and misconduct while limiting the risk of repercussions. It allows marginalized and oppressed communities, like transgender people and undocumented immigrants, to access resources and community without fear of persecution. It protects social media users from blackmail and identity theft.
Age verification threatens this. A transgender person in Tennessee, where the state just passed a bill requiring clinics to provide detailed reports on all gender-affirming care to the government, living through the rampant transphobia taking place across the federal government and the majority of Republican-controlled states, likely will not feel comfortable uploading a government-issued ID to connect with other transgender people online. An anonymous whistleblower reporting on government misconduct will not want their identity linked to their online presence.
Age verification also creates a powerful opportunity for government censorship. The U.K. Online Safety Act, for example, focuses mainly on “content harmful to children.” The Act includes many cases of this, including content that is pornographic, “encourages, promotes or provides instructions for an act of deliberate self-injury” or “incites hatred against people [ …] of a particular race, religion, sex or sexual orientation.” While these restrictions could make sense in the case of a well-meaning government — I’m not advocating for homophobia — it is too easy to see how they could be abused by bad-faith actors.
This essay is part of Move Fast, Break Things, our technology column. It is written by staff columnist Leah Grossman, who is trained as an opinion journalist.
When Leah writes about consumer technology, the internet and the politics that inform our digital lives, she isn't impartial. They write with an eye toward how Canada's reliance on American technology affects us all. Her American perspective informs how she covers technology regulation and Big Tech's successes and failures.
Opinion essays are intentionally subjective and make no claims to impartiality. Otherwise, they are required to uphold the same ethical standards and undergo the same fact-checking process as the rest of The Ubyssey’s report. The views expressed in Move Fast, Break Things are Leah’s and don’t represent the views of The Ubyssey as a whole.
The Trump administration has described gender-affirming care for transgender minors, which is often reversible, as “chemical and surgical mutilation” that “maim[s] and steriliz[es]” children. A transphobic government in the U.K., pushing these same beliefs, could easily argue that information intended to help children and their families explore their identity falls under promoting deliberate self-injury. (The current U.K. government under Prime Minister Keir Starmer, while not using as outrageously transphobic language, has banned puberty blockers — a common and safe form of gender-affirming care for minors — indefinitely.) Similarly, certain people could argue that a movement like Black Lives Matter incites hatred against white people. By this argument, resources promoting racial equality could be restricted under the Act.
The security implications of age verification are perhaps the simplest. The most common methods include uploading a scan of a government ID or using AI to analyze a facial scan. Many companies performing the verification promise that the data is stored for a limited period of time, only long enough to perform the required function. In October 2025, Discord reported an incident where photos of approximately 70,000 users’ government-issued IDs were stolen. These users, suspected of being too young to use Discord under their terms of service, had uploaded their IDs to prove their ages. Discord claims this was a breach of 5CA, a third-party company that Discord used as part of their customer service. 5CA denies this. Regardless of who is at fault, the breach is a damning example of how collecting this type of information en masse creates an enticing target for hackers. And this is only 70,000 people; as age verification grows more common, the amount of data being collected will grow rapidly.
There are ways to perform less invasive age verification, to an extent. For example, a user can be verified by confirming if they have a credit card on file — credit cards typically require you to be the age of majority — or analyzing their history, such as how long they have had an account. Apple uses both methods as part of their age verification procedures in the U.K. and Singapore. Certain types of age verification, such as those using facial biometric data, can also be done on-device, which means the data is never sent to a company’s servers, making it more difficult for hackers to steal the data. These methods also help to address anonymity, since they don’t rely on verifying a user’s identity, but they don’t address the censorship issues.
But many companies simply don’t have a vested interest in using methods like these. Unless privacy and security are part of a company’s brand, as they are for Apple, why would a company do more than the bare minimum of outsourcing the work to a third party?
That is exactly what Discord did. On Feb. 9, Discord announced that all new and existing users would have a new “teen-appropriate experience” and could verify their age to have full access to the platform. Users who did not verify their age would not be able to view sensitive content, access age-restricted chat rooms or speak in certain types of public voice channels, among other minor changes. The initial two methods of verification, Discord announced, were an on-device facial scan and uploading an identity document to a third-party partner, which they said would be “deleted quickly — in most cases, immediately after age confirmation.” They said more methods would be coming in the future, including continual improvement on a model that would run in the background and attempt to automatically determine a user’s age group. Discord emphasized that they would only receive a user’s age, not their identity or any other information.
Remember, this was around four months after they announced that approximately 70,000 users’ government-issued IDs were stolen as part of Discord’s existing age verification procedures. While Discord no longer works with 5CA, they did not announce what companies they would be working with.
The user base reacted quickly — with backlash. Discord responded on Feb. 24 announcing that they would be delaying the rollout until the second half of 2026 (outside of jurisdictions with existing legal requirements), with significant changes. Every partner they work with will be documented on their website along with that partner’s practices, and every partner offering facial verification must perform it on-device. More verification options will be added, including credit card verification. Additionally, there will be a dedicated spoiler channel option that does not include adult content, so gated channels for sensitive topics such as politics will be able to continue to exist without requiring age verification. They also announced that before the program launches, they will publish a detailed blog post explaining the technical details of their age estimation.
These are certainly improvements. Better documentation, more options, less privacy-invasive methods and less of a need for age verification are all good things! That said, they aren’t enough. If the automated age estimation doesn’t verify you, then you still need to provide your identity or a facial scan if you want to access the restricted content. You still need to trust that the scan is happening on-device and that the data is being treated with care. Yes, that was already true with your messages, but now it’s also true with your driver’s licence, your passport or a 3D scan of your face. And perhaps most damning of all, these changes were only implemented after immense backlash.
As people get more used to age verification, the backlash will decrease, and even the same amount of backlash will have less of an impact on vastly more powerful companies like Google, Meta, and other Big Tech companies. Discord’s withdrawal is perhaps the best-case scenario for users, and I don’t think the industry will tend toward the best-case scenario. In fact, the most powerful tech companies, the ones that I’m most wary of, are the ones that I think are least likely to even consider what’s best for users. Again, why would they?
Canada does not currently have any age verification laws in place. However, at least one bill is under consideration at the federal level: S-209, introduced by Hon. Sen. Julie Miville-Dechêne in May 2025, would effectively require commercial distributors of pornographic content to implement age verification. This bill has passed the Senate, but has only just entered the House of Commons. A nearly identical bill was introduced by Miville-Dechêne in the prior parliament in late 2021, and made it through two readings and committee in the House before parliament was prorogued due to former Prime Minister Justin Trudeau’s resignation.
The government has also shown willingness to consider other forms of age verification. Prime Minister Mark Carney said in early March that a social media ban for children “merits an open and considered debate in Canada.” And at the Liberal Party’s national convention in April, just days before three byelections handed the Liberals a majority government, party members voted in favour of two policy resolutions focused on age verification.
Join the Conversation
Do you have an original perspective that’s relevant to our community? Pitch us an op-ed! You don’t have to be an experienced writer: the opinion editors will help you structure your argument and put your ideas to paper.
The first of these, citing Australia’s legislation, would require social media platforms to set a minimum age of 16 for a user to have an account. It would also establish a regulatory framework for social media platforms to enforce other, less problematic safety standards (such as removing artificial images of non-consenting people). The second policy resolution would require an age restriction, again set at 16, for access to generative AI chatbots and “other potentially harmful forms of AI interaction.”
These resolutions are non-binding and party policy is not a part of the legislative process. However, these are now official Liberal positions, and it would not surprise me if the government adopts legislation based on these policies — especially now that it has a majority in the House of Commons.
Yet, there is recognition that age verification is not necessarily the solution. A few days later, Culture Minister Marc Miller said banning children from social media “could be an important layer” but that it’s not “the answer to everything.” After all, online harms “don’t end as soon as you turn 15 or 16 or 17.” However, the government still plans to introduce an online harms bill, and I suspect age verification will be a part of that. This legislation is, in one form or another, coming to Canada. In fact, Premier Wab Kinew announced last week that Manitoba will ban youth from using social media and AI chatbots, the first such ban announced by a government in Canada, though the details are not yet known.
I will leave you with this. Do you trust the platforms you use to approach age verification with care? Do you trust governments to use their legislative powers with the absolute best of intentions? Do you trust every company performing age verification to delete your data, in a timely manner, without sharing it with governments and law enforcement and without building a biometric database? Do you trust everyone involved to treat your face and your government IDs with the utmost security so they don’t fall into the wrong hands?
If, like me, you answered no, then hopefully you agree there are too many issues with age verification. Even if you believe age verification protects children (and I’m not sure it does), it’s not worth exposing ourselves to the self-serving motives of governments and corporations. Even the most well-meaning, pro-free speech government can be replaced by an oppressive one. Even a well-intentioned age verification company might mess up and get hacked. I hope you weren’t planning to keep your ID private.
This is an opinion essay, and a part of a regular column. It reflects the columnist’s views and may not reflect the views of The Ubyssey as a whole. Contribute to the conversation by visiting ubyssey.ca/pages/submit-an-opinion.
