Different use cases likely to require different methods for proving age online
When Apple released the iPod in 2001, arguably kicking off the 21st century era of mobile technology, it was one product that did one thing: played mp3s. As pop culture embraced the device, Apple spun out variants to meet certain needs and demands: iPod Minis and Micros and Shuffles shrank the technology and made it lighter, opening up the possibility (for example) to wear one during exercise. In 2007, when the iPhone debuted, the iPod evolved into an all-purpose tool, including a music player – thereby rendering the iPod obsolete.
The development of the online age assurance industry appears to be taking the opposite arc. For now, many vendors who offer digital age assurance advertise the various use cases for their core technologies: proving your age to watch porn, buy alcohol and vapes, play restricted games or vote. But as the industry evolves toward maturity, broad nets or one-stop solutions may not prove to be the best way to stop young people from accessing age-restricted products and services. Each use case brings its own specifics, and it is becoming clear that what works for buying booze may not work in the case of porn. To address diversifying needs, the sector will have to diversify its approaches.
For a company like Yoti, that means offering choice to the user. In a talk on where in the tech stack to put age assurance measures, presented at the 2025 Age Assurance Standards Summit, Yoti’s Chief Policy and Regulatory Officer Julie Dawson says the firm’s wide range of approaches means they can offer solutions tailored to specific use cases.
The phrase “no silver bullet” has become an oft-repeated cliche in age assurance circles, but it may miss the point: the answer is likely not a single bullet of any material, and is probably more like a hidden gun room in an action film, where different firearms line the walls, waiting to be grabbed for different scenarios. Of all the offerings – facial age estimation, device-based age assurance, digital ID wallets, tokens and passkeys – none are perfect, and Dawson argues that any solution relying on parental controls is “still not comprehensive.”
Yoti is particularly transparent about its operations, and it is refreshing to hear a company lean away from hyperbole to offer an honest analysis of where things stand. The firm believes that in the end, “age assurance is about what works for the user.” As such, a hybrid approach is its current preference.
Researcher Chelsea Jarvie goes even further with the notion that age assurance should not be one thing. In her talk at the Age Assurance Standards Summit, Jarvie – who is preparing her thesis for a PhD in online age assurance at the University of Strathclyde in Glasgow – asks if there are privacy preserving age assurance methods that are innovative, and different from traditional biometrics (here assumed to mean face, fingerprint, palm and iris scans)?
Jarvie’s big insight is that for people watching porn online, the primary concern isn’t identity theft, but surveillance. Despite efforts to rebrand porn as “ethical,” the social stigma attached to pornography means that even the most proven, certified and trusted face biometrics system is likely to put people off logging on to get off. Any watchers of the sci-fi series Black Mirror – or, as Jarvie notes, former users of the Ashley Madison online adultery service – will be familiar with the real risks of extortion, public shaming and reputational damage should a breach occur.
Complicating the problem even more, says Jarvie, is that people in the UK don’t trust their government. This applies elsewhere, too; notably, in the U.S., where the First Amendment makes people eager to call out ways the government is stomping on free speech. That lack of trust means suspicions will always linger, and an honest assessment might find that face biometrics are probably never going to work for porn, no matter how happy people are to use them to buy beer or cigarettes, or move through the airport more quickly. The stigma is too thick, and the trust required to chip away at it isn’t there.
Other options are emerging. Jarvie is intrigued by technology from Needemand which uses hand gestures to perform age assurance, based on the movement of tendons in the hand – thereby requiring no personally identifying information.
Jarvie is developing her own age assurance system, which she says preserves privacy by not using traditional biometrics. The project is still under wraps, but the impression is that the academic and cybersecurity expert is looking beyond the sea of faces (and face biometrics providers) to a frontier that has not yet been explored. She speaks of “layers of care” and a need to move beyond “tick box compliance” and the “verification theater” of self-declaration. In the end, she echoes a comment from a recent exploratory consultation on age assurance by Canada’s Office of the Privacy Commissioner (OPC): “Age assurance is not monolithic,” and regulators should be “cautious about establishing policies that treat broad ranges of technologies as equivalent.”
Another way to put it is, age assurance is just getting started.
