Skip to content
Sovereign builder field notes for AI, privacy, automation, and digital rights.
Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech

Skip to content
Sovereign builder field notes for AI, privacy, automation, and digital rights.
Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech

Age verification is being sold as child safety. The bigger pattern is internet identity control. This tracker follows KOSA, app store age checks, state ID laws, platform responses, and the policy pipeline pushing the open internet toward identity checkpoints.
Last updated: July 2, 2026
Current threat level: HIGH
- June 27, 2025: Supreme Court ruled 6-3 in Free Speech Coalition v. Paxton that state age verification for adult content is constitutional under intermediate scrutiny.
- March 5, 2026: Senate passed COPPA 2.0 (S.836) by unanimous consent. Now heads to the House.
- KOSA (S.1748) has 76 cosponsors (42 R, 33 D, 1 I) but has not received a Senate Commerce markup.
- State age verification laws are spreading across the country.
- Some platforms already block users in certain states instead of collecting ID.
- Big Tech can absorb compliance costs. Smaller sites, forums, and open-source projects cannot.
- The core risk is not one bill. The core risk is normalizing ID checks for speech.
Cite this tracker
TheThriftyDev. “Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech.” Last updated July 2, 2026. https://thethriftydev.com/blog/age-verification-creep-tracker/
What changed recently
- July 1, 2026 — Confirmed: Louisiana ASAA did not activate on July 1, 2026. HB 977 (signed May 15, 2026) postponed enforcement to July 1, 2027. No Apple age-check activation for Louisiana occurred on this date.
- June 27, 2026 — Correction: Louisiana HB 977 (signed May 15, 2026) postponed the Louisiana ASAA effective date from July 1, 2026 to July 1, 2027. Utah HB 498 similarly postponed Utah ASAA from May 6, 2026 to May 7, 2027. Apple’s Declared Age Range API enforcement for Utah and Louisiana reflects Apple’s implementation schedule, which operates on its own timeline. Tracker updated to reflect corrected legislative dates.
- June 21, 2026 — Texas SB 2420 enforcement update: Fifth Circuit lifted injunction May 28, 2026; CCIA filed emergency SCOTUS challenge June 11, 2026 (pending — most significant active development). KIDS Act (H.R.7757) markup update: passed House E&C along party lines March 5, 2026; stalled on House floor with bipartisan talks ongoing; Democrats objected over weakened duty-of-care and broad state preemption. Louisiana postponed to July 1, 2027 — HB 977 signed May 15, 2026 delays Louisiana ASAA by one year. Utah also postponed to May 7, 2027 — HB 498 delayed Utah ASAA during legislative session. Apple’s Declared Age Range API enforcement for Utah (May 6) and Louisiana (originally July 1) reflects Apple’s implementation timeline, which may proceed independently of state legislative effective dates. West Virginia HB 4412 adult-site age verification law effective June 12, 2026. Massachusetts H.5295 passed House April 8, 2026 — would ban social media for under-14s and require universal age verification for all users; currently in Senate. New: Parents Decide Act (H.R.8250) introduced April 13, 2026 — mandates OS-level age verification with FTC enforcement, broader than app store laws. Litigation landscape updated with Texas SB 2420 SCOTUS emergency.
- June 9, 2026 — Added the June 27, 2025 SCOTUS ruling in Free Speech Coalition v. Paxton, COPPA 2.0 (S.836) Senate passage by unanimous consent on March 5, 2026, KIDS Act (H.R.7757) House Energy & Commerce advancement along party lines on March 5, 2026, Apple Declared Age Range API enforcement timeline (international Feb 24, 2026; Utah May 6, 2026 — postponed to May 7, 2027 by HB 498; Louisiana July 1, 2026 — postponed to July 1, 2027 by HB 977), Google Play US state-law developer guidance, NetChoice v. Carr preliminary injunction against Georgia SB 351 (June 26, 2025), April 20, 2026 federal court block on the reworked Arkansas minor-social-media law, 76-cosponsor status for KOSA, and a litigation landscape update covering at least 8 states sued.
- May 24, 2026 — Added S.1748 status, app-store age verification risk, platform response framing, and privacy-first alternatives.
Quote this
Age verification does not stay age verification. Once platforms must prove who is a minor, adults get dragged into the identity layer too.
The core risk is not one bill. The core risk is normalizing ID checks for speech.
A privacy-first child safety policy should punish exploitation and data abuse, not force every lawful speaker through an identity checkpoint.
Share this tracker
X / Twitter: Age verification does not stay age verification. Once platforms must prove who is a minor, adults get dragged into the identity layer too. That is how “protect kids” becomes “show ID to speak.” Tracker: https://thethriftydev.com/blog/age-verification-creep-tracker/
Nostr: KOSA and age-verification laws are not just child-safety policy. They are building pressure toward identity checkpoints for speech. Track the pattern here: https://thethriftydev.com/blog/age-verification-creep-tracker/
Congressional email subject: Oppose age verification mandates; support privacy-first child safety
Congressional email body: Please protect kids online without creating an ID-check internet. I oppose age verification mandates or liability schemes that pressure platforms to identify users before they can speak, search, learn, or join communities. Support privacy-first child safety instead: data minimization, limits on behavioral targeting, anti-dark-pattern rules, enforcement against predators, and protections for anonymous and pseudonymous speech.

Why This Tracker Exists
There are real online harms affecting kids. Sextortion, predatory adults, algorithmic amplification, bullying, self-harm content, addictive feeds, and data harvesting are not imaginary. Parents are right to be angry, and lawmakers are right to care.
The problem is the tool. Age verification sounds narrow until you ask how it works at internet scale. If a platform must treat minors differently, it needs a way to know who is a minor. If it cannot reliably know who is a minor, it checks more users. If checking more users becomes the safe legal path, adult speech gets dragged into the same identity layer.
That is age verification creep: a child safety proposal becomes a compliance system, the compliance system becomes an identity checkpoint, and the identity checkpoint becomes the default gate for speech, search, social media, communities, apps, and eventually payments.
The Short Version
- Protecting kids online matters.
- Age checks sound limited.
- But platforms cannot separate minors from adults without checking users.
- That creates pressure for ID vendors, device-level age signals, app-store verification, and more intrusive account systems.
- The people hurt first are not criminals. They are abuse survivors, whistleblowers, dissidents, religious minorities, activists, journalists, LGBTQ users, and teenagers seeking help.
Federal Bills To Watch
| Bill or proposal | Status | Supporter framing | Age verification risk | Speech/privacy risk |
|---|---|---|---|---|
| KOSA, S.1748 | 76 cosponsors (42 R, 33 D, 1 I). Introduced May 14, 2025. No Senate Commerce markup to date. | Design duties and safeguards for minors | High | Platforms may over-filter sensitive lawful content and seek age assurance |
| COPPA 2.0 | Passed Senate by unanimous consent March 5, 2026 (21 cosponsors). Awaiting House action. | Stronger protections for children and teens | Medium | Depends on implementation and how platforms determine age |
| House online safety packages | KIDS Act (H.R.7757) passed House E&C along party lines March 5, 2026. Strips the Senate KOSA “duty of care”; adds broad federal preemption. Stalled on House floor — bipartisan negotiations ongoing; Democrats object over weakened knowledge standard and state law preemption. No floor vote scheduled. | Parental controls and child safety accountability | High | Could shift age checks to app stores, operating systems, or device layers |
| Parents Decide Act, H.R.8250 | Introduced April 13, 2026. Mandates OS-level age verification (Apple, Google, Microsoft) with FTC enforcement — broader than app store laws, covers every device. In House committee, no markup scheduled. | Device-level child safety accountability | Severe | Shifts age checks from apps to OS layer; could affect every desktop and mobile device nationally |
| Phone or SIM identity proposals | Separate but related identity pressure | Fraud, trafficking, and crime prevention | Severe | Turns basic communication into a permissioned identity event |

The Compliance Incentive Problem
Supporters often say KOSA does not directly require every user to upload ID. That is an important distinction. But direct mandates are not the only way policy changes behavior. Liability changes incentives.
If a platform can be punished for failing to protect minors from certain harms, the platform needs a defensible way to show which users are minors, which settings applied to them, and what content or features they were allowed to access. A small site owner, open-source developer, Nostr client, forum admin, or indie app team does not have a legal department to litigate fine distinctions. The safe response is to block users, remove features, over-filter speech, or outsource age checks to vendors.
That is how “we do not require ID” can still become “show ID to participate.”
State Age Verification Laws To Watch
State laws matter because they create the test cases. One state passes an age check. Another expands it. Courts rule on pieces of it. Platforms react by blocking regions, adding compliance vendors, or changing product design nationally.
| Category | What to watch | Why it matters | Risk |
|---|---|---|---|
| Adult-site age verification | State laws requiring ID or age assurance for sexual content | Creates legal precedent and vendor infrastructure | High |
| Social media minor laws | Parental consent, account limits, and age checks for social platforms | Pushes identity checks into general-purpose speech platforms | Severe |
| App store age verification | Apple/Google or app-store-level age signals | Centralizes age identity at the operating-system or app-store layer | Severe |
| Device-level age systems | Age signals built into phones, browsers, or operating systems | Could follow users across apps and websites | Severe |
| Social media age verification (state) | West Virginia HB 4412: adult-site age verification effective June 12, 2026. Massachusetts H.5295: House-passed April 8, 2026 — would ban social media for under-14s and require universal age verification for all social media users; currently in Massachusetts Senate. | West Virginia creates new enforcement precedent; Massachusetts would be one of the strictest laws in the nation | Severe |
Litigation landscape (June 2026): At least 8 states have been sued over age verification for children. Courts have preliminarily halted laws in Arkansas (reworked law blocked April 20, 2026) and Georgia SB 351 (preliminary injunction June 26, 2025). Pending challenges remain in Florida, Louisiana, Mississippi, and Tennessee. Tennessee classifies age-verification violations as Class C felonies. New state AV bills are moving in at least 10 more states in 2026.
Texas SB 2420 — SCOTUS emergency (most significant active development): The Fifth Circuit lifted the district court’s injunction on May 28, 2026, allowing Texas’s App Store Accountability Act to take effect. CCIA filed an emergency injunction request with the U.S. Supreme Court on June 11, 2026 — SCOTUS has not yet ruled. If SCOTUS declines to intervene, other states’ app store laws (Louisiana July 1, future states) will accelerate. If SCOTUS intervenes and blocks Texas, the entire app-store-age-check pipeline faces a major setback.
Platform Responses Are The Early Warning System
App stores have started enforcing. Starting February 24, 2026, Apple began blocking users in Australia, Brazil, and Singapore from downloading apps rated 18+ unless confirmed to be adults — the same enforcement model now rolling out to US states. Apple’s Declared Age Range API shares age categories with developers. New Apple’s Declared Age Range API enforcement for Utah went live May 6, 2026. However, Utah’s state law (ASAA) was subsequently postponed to May 7, 2027 (HB 498). Louisiana’s state law (ASAA) was postponed to July 1, 2027 (HB 977, signed May 15, 2026). Apple’s API enforcement may proceed on its own timeline independent of state legislative dates. Texas SB 2420 is now enforced following the Fifth Circuit’s May 28 ruling, with CCIA’s emergency SCOTUS challenge pending. Google has published US-specific developer guidance for the same wave of state app-store age-verification laws.
When a platform blocks a state instead of collecting ID, that is not just a business decision. It is a warning signal. It means the compliance burden, liability risk, or privacy risk is too high for that platform to operate normally.
EFF has documented how age gates can become a windfall for Big Tech and a death sentence for smaller platforms. Large companies can pay lawyers, vendors, auditors, trust and safety teams, policy teams, lobbyists, and compliance engineers. Small communities cannot. If the cost of running a forum becomes identity verification infrastructure, the open web loses.

Why Anonymous And Pseudonymous Speech Matters
Pseudonymous speech is not a loophole. It is a safety feature.
People use pseudonyms to report abuse, talk about addiction, explore religion, research health issues, organize politically, question powerful institutions, build communities, and separate public speech from private life. Teenagers may need access to information they cannot safely ask for at home. Abuse survivors may need resources without alerting an abuser. Whistleblowers may need to speak without attaching their legal name to every sentence.
An ID-check internet chills all of that. Even if the government never reads the database, the database exists. It can be breached, sold, subpoenaed, misused, shared, or quietly normalized until refusal itself looks suspicious.
The Big Tech Compliance Moat
Regulation sold as anti-Big-Tech can accidentally entrench Big Tech. That is the compliance moat.
Meta, Google, Apple, TikTok, and other giants can absorb age assurance vendors, policy audits, legal challenges, and reporting requirements. A small Mastodon instance, Nostr client, indie forum, hobby project, or privacy-first tool cannot. The likely result is less competition, more centralization, and fewer escape routes from the platforms lawmakers claim to be disciplining.
That matters for builders. A sovereign web needs small services, open protocols, self-hosted tools, and low-friction publishing. Identity compliance moves the web in the opposite direction.

Better Child Safety Without ID Checkpoints
The choice is not “do nothing” or “verify everyone.” Better options exist:
- Ban behavioral advertising to minors.
- Enforce data minimization for all users.
- Ban manipulative dark patterns and addictive product loops.
- Require simple chronological feed options.
- Improve reporting, takedown, and appeals systems.
- Fund investigations and enforcement against predators and extortion networks.
- Support family-level tools that do not require every website to collect ID.
- Require privacy-preserving age signals only if they are voluntary, minimal, audited, open, and not tied to browsing history.
What To Tell Congress
Here is the clean message:
Protect kids online, but do not create an ID-check internet. Oppose age verification mandates and any bill that pressures platforms to identify users before they can speak, search, learn, or join communities. Pass privacy-first child safety instead: data minimization, limits on behavioral targeting, anti-dark-pattern rules, better enforcement against predators, and protections for anonymous and pseudonymous speech.
What Privacy-Minded Readers Should Do Now
- Contact your senators and representatives. Ask whether they support age verification mandates or privacy-first child safety.
- Use pseudonymous accounts where appropriate. Do not attach your legal identity to every public opinion.
- Support decentralized and smaller platforms before the compliance moat gets worse.
- Move some social activity to Nostr and other exit-ramp systems.
- Reduce dependence on identity-linked accounts where possible.
- Share this tracker when someone says, “It is only about protecting kids.”

Copy/Paste This
If you want to explain the issue fast, use this:
Age verification does not stay age verification. Once platforms must prove who is a minor, adults get dragged into the identity layer too. That is how “protect kids” becomes “show ID to speak.” Tracker: https://thethriftydev.com/blog/age-verification-creep-tracker/
Related TheThriftyDev Reading
- KOSA Is Not Just a Kids Safety Bill. It Is an Age Verification Creep Bill
- Mandatory ID Is Coming for Phones and Social Media. Here’s How to Move to Nostr Before the Gate Closes
- Google AI Search Privacy: Better Alternatives to Protect Your Searches
- What Is the Sovereign Builder Protocol?
Sources
- GovTrack: S.1748 Kids Online Safety Act
- GovInfo: S.1748 bill text
- Sen. Blackburn release on KOSA reintroduction
- ACLU on kids online safety bills and speech protections
- EFF: age gates, Big Tech, and smaller platforms
- R Street on social media age verification problems
- The Intercept on anonymity, KOSA, and age verification
- SCOTUS: Free Speech Coalition v. Paxton opinion (June 27, 2025)
- Wikipedia: FSC v. Paxton case background
- EFF on the SCOTUS age-verification decision
- EFF: 2025 in review — Congress’s crusade to age-gate the internet
- GovTrack: COPPA 2.0 (S.836) — passed Senate March 5, 2026
- Sen. Markey: COPPA 2.0 unanimous Senate passage
- GovTrack: KIDS Act (H.R.7757)
- IAPP: KIDS Act advances to full House vote
- Apple Developer: age requirements for Brazil, Australia, Singapore, Utah, Louisiana (Feb 24, 2026)
- Google Play Console Help: changes for US state app store age-verification bills
- NetChoice v. Carr (Georgia SB 351)
- NetChoice 2025 Litigation Wrapped
- CCIA: Emergency SCOTUS filing against Texas SB 2420 (June 11, 2026)
- Congress.gov: Parents Decide Act (H.R.8250)
- Massachusetts Legislature: H.5295 social media age verification
- The Texas Tribune: Texas age verification law now enforced (June 4, 2026)
- SCOTUSblog: Supreme Court app store age verification emergency (June 11, 2026)
Read next
The 2026 Sovereign Stack: Privacy Tools That Actually Resist Surveillance
8 layers of the sovereign stack verified live in 2026 — email, DNS, VPN, hosting, search, comms, money, AI. What to use,…
EU Chat Control 2026: The Deadline Every Builder Should Know
9 min read·Published Jun 19, 2026NostrXFacebookRedditTelegramSMSCopyOn this page▾The December 2026 Wallet DeadlineChat Control: From Encryption Backdoors to Identity CheckpointsThe Pipeline: When Wallets…
GLM-5.2 vs Local Qwen vs Opus: Which Should You Run in 2026?
9 min read·Published Jun 19, 2026NostrXFacebookRedditTelegramSMSCopyOn this page▾The Three Models at a GlanceBenchmark Reality CheckThe Cost Story — Cloud vs LocalWhen to…
Don’t Wait Until Google Locks You Out
The escape map for search, email, cloud files, photos, browser, and phone backups — set up before you actually need it.
No spam. Practical privacy, AI, backup, and tool drops. Unsubscribe anytime.
Read next
The 2026 Sovereign Stack: Privacy Tools That Actually Resist Surveillance
8 layers of the sovereign stack verified live in 2026 — email, DNS, VPN, hosting, search, comms, money, AI. What to use,…
EU Chat Control 2026: The Deadline Every Builder Should Know
9 min read·Published Jun 19, 2026NostrXFacebookRedditTelegramSMSCopyOn this page▾The December 2026 Wallet DeadlineChat Control: From Encryption Backdoors to Identity CheckpointsThe Pipeline: When Wallets…
GLM-5.2 vs Local Qwen vs Opus: Which Should You Run in 2026?
9 min read·Published Jun 19, 2026NostrXFacebookRedditTelegramSMSCopyOn this page▾The Three Models at a GlanceBenchmark Reality CheckThe Cost Story — Cloud vs LocalWhen to…
Leave a comment
De-Google Without Going Crazy
Get the practical escape map: search, email, cloud files, photos, browser, phone backups, and what to replace first.
No spam. Practical privacy, AI, backup, and tool drops. Unsubscribe anytime.
Read next
Flock Cams, Surveillance Drones, and the Civil Disobedience Field Manual
23 min read·Published Jun 26, 2026NostrXFacebookRedditTelegramSMSCopyOn this page▾What Has Been BuiltFlock Safety: The Private Company Running a National PanopticonThe HardwareThe ICE PipelineThe…
GLM-5.2 vs Local Qwen vs Opus: Which Should You Run in 2026?
0 0 votes Article Rating Part of AI Tools + Private AI Hub Pick the right local model before you spend $1,200…
OpenClaw as an Agentic Framework: How I Use It, Why It Matters, and What to Consider Before You Set It Up
A practical builder guide to OpenClaw: setup, channels, memory, heartbeats, cron jobs, multi-agent workflows, sandboxing, and why an always-on agentic framework changes…