UK age verification law & VPN usage | 'Tea' data breach & questionable new age apps
#198 - As the age verification law in the UK takes effect, VPN usage soars | An app where women anonymously share dating details with each other for safety was breached
So, you want to verify my age?
Let me connect to a VPN…
Question❓: What happens when a government wants to mandate age verification?
Answer 🙋🏽♀️: VPN usages surges!
It’s very logical. People of impressionable age should not have easy access to content like pornography, self harm, suicide and eating disorders. Society should protect these youngsters. The UK government thinks so too. The Online Safety Act wants to ensure that minors do not have easy access to harmful content. It wants to do this by mandating age assurance for people who want to access such sites.
And herein starts the problem.
To ‘assure’ age, websites would have to start collecting and storing documents that are sensitive. Government IDs are the most authentic source of age verification. Hence, sites now ask for government IDs. Some businesses find this a challenge because, not many people say - “I would like to access PornHub. Here’s my passport. Keep a copy of it.”
Most people would rather not visit the site than give their government IDs. To keep visitors coming, sites are trying different techniques meet the requirements of the act - ranging from using AI to guess the age from a selfie you take for the app to guessing your age using your search history.
Read the next article about what happened to a service that stored selfies and chats.
Meanwhile, again very logically, users in the UK have started adopting VPNs to circumvent this rather sticky problem. VPN sign ups for popular services has seen an increase by 1000% or more.
Take Action:
If you are a business in the UK and offer web services that require age assurance, your last day to implement his was the 25th of July.
If you are a user in the UK, a VPN service seems an ideal way to access websites where you do not want to have your government ID or selfie on various websites that children should not be seeing.
However, do try to understand the spirit of the requirement and not just the letter.
‘Tea’ - An app that has highly personal data from women was breached
72,000 selfies and drivers licenses were exposed.
Tea is a unique app that allowed women to anonymously post about reviews of men. It allows women to warn each other of bad dates or worse - a dating safety app. However, to ensure that this app is used only by women, Tea asked users to take a selfie or upload government IDs (unrelated to the story about).
Hackers managed to break into Tea’s databases and access all the selfies, licenses, images, conversations, etc and sell it on the dark web.
The consequences are serious for the users of this app. Their photographs are available on online forums and accessible by users of all types.
This article on business insider warns of trusting these new fangled apps with your personal data. There are two risks, as per this article. First - people trust AI apps with very personal conversations that can leak and second - new products tend to be vibe coded and security might be questionable.
I agree with the first point - sharing of personal data with AI LLMs should be avoided.
Take Action:
If you are a user of Tea, then watch out for official communication from them about the data breach and keep your eyes and ears open, especially online.
Make sure that you are very confident about the security and privacy controls of any app that has the premise of secrecy. Remember Ashley Madison?