2026-05-19 ジョージア工科大学
<関連情報>
- https://research.gatech.edu/online-age-checks-create-pointless-privacy-risk
- https://mikespecter.com/assets/pdf/AgeVerification.pdf
論文提出をお願いします:ウェブ上の年齢確認に関する最初の考察 Papers, Please: A First Look at Age Verification on the Web
Shreyas Minocha, Isaac Sheridan, Harry Oppenheimer, Paul Pearce, and Michael A. Specter
Abstract
Since 2022, twenty-five US states covering more than 40% of the US population have adopted laws compelling websites with content “harmful to minors” to verify their users’ ages. Many websites that comply with these laws are widely reported to rely on third-party services, effectively outsourcing the age verification process. However, little is known about how these services are shaping the web and affecting user privacy.
In this work, we conduct the first large-scale exploration of age verification providers on the web. We begin by exploring the CrUX top one million websites from three different states— two with legal age verification mandates and one without—to identify the prevalence and composition of age verification services. We then reverse engineer Yoti, the dominant age verification provider, and provide an in-depth privacy analysis.
Our findings show that age verification services can be ineffective in restricting minors, create significant new privacy risks for end users, and are causing the first instance of cross-state balkanization of the web in the US. We find that Yoti often requires end users to share sensitive data—photos of their face, government IDs, credit card details, browser f ingerprinting data, the website being accessed, and more. Such data may be entrusted not only to the contracted provider, but also to several “fourth parties” that are significantly less visible to users. We identify security and privacy issues, and connect these findings to key assumptions underlying recent Supreme Court precedent.
