A post from Dyne.org is making the rounds on HN (781 points) with a blunt thesis: age verification mandates aren't about protecting children. They're about converting the open internet into a permission-based system where every user is identified, every session is authenticated, and anonymity is an artifact of a previous era.
The technical trajectory is straightforward. Age verification doesn't stay binary. Once you've built the infrastructure to prove someone is over 13 or 16 or 18, you've built the infrastructure to prove exactly who they are. As one commenter put it: "The end goal is verified user identification. They want every transaction on the internet to be associated with the exact identity of the user. No more anonymity."
Brazil just passed a law requiring age verification for every site categorized as 16+. The UK's Online Safety Act is moving in the same direction. France, Australia, and multiple US states have active proposals or laws on the books. The pattern is global and accelerating.
Here's what makes this particularly insidious for developers: these mandates push enforcement down the stack. You don't get to shrug and say "not my problem" when your SaaS, your API, or your community platform needs to integrate with a government-approved identity verification provider. That's new compliance surface area, new data liability, and new infrastructure costs — all framed as child safety so opposing it is politically radioactive.
There's a cynical but plausible market angle too. As frontier AI models flood the internet with human-sounding content, ad-supported platforms face a Dead Internet Theory problem: advertisers start questioning whether they're paying to reach humans or bots. Universal identity verification solves that problem nicely for the ad industry while governments get the surveillance infrastructure they've always wanted. Both sides win. Users lose.
The counterargument deserves a fair hearing. Some commenters who grew up with unrestricted internet access candidly admit it harmed them. The desire to protect children is real and legitimate. But the policy response — building a universal identity layer into the internet's architecture — is wildly disproportionate to the stated goal. Parental controls, device-level filtering, and school network policies already exist. They're imperfect, but they keep control with families rather than handing it to governments and identity verification companies.
For developers specifically, the action items are concrete: track age verification legislation in your operating jurisdictions, understand that compliance will likely mean integrating third-party identity services (with all the privacy and liability implications that entails), and support organizations like EFF and Access Now that are fighting the most overreaching proposals. The child protection framing makes this harder to oppose than previous surveillance pushes. That's the point.
I was a kid with unrestricted, unsupervised internet access, and it definitely affected many things in my life. If I happen to have a child in the future, they won't go through that.The Brazilian government passed a law requiring age verification for every site categorized as 16+. It can't
It's too late and never about children, simply deeper forms of data harvesting and surveillance.What makes me extremely sad and concerned is that more recent generations simply have no idea or expectation of privacy online anymore. There will never be more of a fight against all this Orwellian
A theory that’s floating around is that since frontier models are so good at sounding like humans, companies paying for ads are arguing that Dead Internet Theory -> ad costs should go down.Therefore, the push to ID everyone using the internet (even down to the hardware) is a way to prove that ads
What's sad is how effective this is. Religious groups figured out a few years ago that anti-porn groups accomplish nothing, but if you start an anti-trafficking group you can restrict porn access.
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.
The big issue isn’t even age verification. The end goal is verified user identification. They want every transaction on the internet to be associated with the exact identity of the user. No more anonymity.In the short term the way it will be implemented is this — age verification will not be a binar