{"id":591,"date":"2026-05-24T12:51:38","date_gmt":"2026-05-24T12:51:38","guid":{"rendered":"https:\/\/thethriftydev.com\/blog\/kosa-age-verification-privacy-pseudonymous-speech\/"},"modified":"2026-05-24T13:06:06","modified_gmt":"2026-05-24T13:06:06","slug":"kosa-age-verification-privacy-pseudonymous-speech","status":"publish","type":"post","link":"https:\/\/thethriftydev.com\/blog\/kosa-age-verification-privacy-pseudonymous-speech\/","title":{"rendered":"KOSA Is Not Just a Kids Safety Bill. It Is an Age Verification Creep Bill"},"content":{"rendered":"

KOSA is sold as a kids safety bill. The real fight is whether Congress turns child safety into an identity checkpoint for the internet.<\/strong><\/p>\n

The Kids Online Safety Act, reintroduced as S. 1748 in the 119th Congress, is not law yet. It is sitting in the Senate Commerce, Science, and Transportation Committee. A related House package, H.R. 7757, the Kids Internet and Digital Safety Act, has been moving through the House side. That means there is still time to slow it, amend it, or block it.<\/p>\n

Protecting kids online matters. Sextortion, predatory adults, manipulative feeds, bullying, self-harm content, addictive design, and data harvesting are real problems. Parents are not wrong to be angry.<\/p>\n

But KOSA is the wrong tool. It creates a legal pressure system where platforms are pushed to know who is a minor, avoid risky topics, and prove they are preventing vaguely defined harms. Once platforms have to treat minors differently at scale, the next question becomes obvious: how do they know who is a minor?<\/p>\n

That is where age verification creep begins.<\/p>\n

What KOSA Actually Does<\/h2>\n

KOSA would apply to covered platforms that are used, or are reasonably likely to be used, by minors. The bill targets online platforms, video games, messaging apps, and video streaming services. It defines minors as users under 17.<\/p>\n

The bill requires covered platforms to exercise reasonable care around design features tied to harms to minors. Supporters focus on features like infinite scroll, autoplay, notifications, personalized recommendations, in-game purchases, appearance-altering filters, and other engagement-maximizing systems.<\/p>\n

It also requires safety settings, parental tools, reporting channels, audits, transparency obligations, and safeguards around listed harms such as sexual exploitation, self-harm, eating disorders, substance abuse, bullying, and compulsive usage.<\/p>\n

That sounds reasonable until you look at the incentive structure. A platform that faces liability for how minors experience a product has to decide who is a minor, which content is risky, which recommendations are risky, and which communities create legal exposure.<\/p>\n

That is not just product regulation. It becomes speech and identity regulation by proxy.<\/p>\n

The Privacy Problem Is Hidden in One Word: Knows<\/h2>\n

KOSA supporters correctly point out that the Senate bill does not literally say every user must upload a government ID. That matters. We should not make a lazy claim that is easy to debunk.<\/p>\n

The stronger claim is this: KOSA creates pressure for platforms to determine user age because many duties depend on whether the platform knows a user is a minor.<\/p>\n

The bill uses a knowledge standard that includes actual knowledge and knowledge fairly implied by objective circumstances. In plain English, platforms are not only thinking about what they directly collect. They are also thinking about what regulators, attorneys general, plaintiffs, and compliance teams might later argue they should have known.<\/p>\n

That pushes companies toward age assurance. Some will use age estimation. Some will use app-store or device-level systems. Some will use third-party ID vendors. Some will lock down features for everyone because it is safer than guessing wrong.<\/p>\n

This is the core issue: KOSA may not mandate ID checks on paper, but it can make ID checks feel like the safest business decision.<\/p>\n

\"A<\/figure>\n

Age Verification Creep Means Adults Get Checked Too<\/h2>\n

You cannot reliably separate minors from adults without checking users. That is why age verification laws always expand beyond the group they claim to regulate.<\/p>\n

If a site must prove it is treating minors differently, it has to sort users into age categories. That means adults get checked too. The internet shifts from open access by default to permissioned access by default.<\/p>\n

KOSA also directs study of device-level or operating-system-level age verification. That detail matters. If age status becomes something enforced through phones, app stores, operating systems, or identity providers, it can become a universal access layer across apps and websites.<\/p>\n

That would be a major change in how the internet works. Today, you can read, search, post, browse, and build under a pseudonym. Under an age-gated model, access increasingly depends on an identity signal, an age token, or an account tied to a larger platform.<\/p>\n

Even if the first version is sold as limited, the architecture will not stay limited. Once the checkpoint exists, every future panic has a place to plug in.<\/p>\n

Pseudonymous Speech Is a Safety Feature, Not a Loophole<\/h2>\n

Anonymous and pseudonymous speech are not just conveniences. They protect real people.<\/p>\n

Whistleblowers need pseudonyms. Political dissidents need pseudonyms. Abuse survivors need pseudonyms. Religious minorities need pseudonyms. People exploring sensitive health issues need pseudonyms. Young people in unsafe homes may need pseudonymous access to information before they can safely ask an adult in their life.<\/p>\n

That does not mean every platform has to allow every behavior. It does mean Congress should be extremely careful before creating a compliance regime that links real-world identity to online access.<\/p>\n

KOSA does not explicitly ban pseudonyms. The risk is more subtle and more dangerous. If compliance pushes platforms to identify age, log age status, outsource verification, and restrict access based on risk categories, pseudonymous life online becomes harder by default.<\/p>\n

The open internet should not be treated like a bar entrance where everyone shows papers before speaking.<\/p>\n

The Big Tech Compliance Moat<\/h2>\n

KOSA is often framed as a way to hold Big Tech accountable. The problem is that Big Tech is usually the best equipped to survive complicated regulation.<\/p>\n

Meta, Google, Apple, TikTok, and X can hire compliance teams, lawyers, auditors, lobbyists, trust and safety staff, policy experts, and age assurance vendors. A small forum cannot. An indie social app cannot. A Nostr client cannot. A self-hosted community cannot.<\/p>\n

When compliance risk rises, small platforms often do one of three things:<\/p>\n