{"id":622,"date":"2026-05-24T16:19:16","date_gmt":"2026-05-24T16:19:16","guid":{"rendered":"https:\/\/thethriftydev.com\/blog\/age-verification-creep-tracker\/"},"modified":"2026-05-24T16:19:16","modified_gmt":"2026-05-24T16:19:16","slug":"age-verification-creep-tracker","status":"publish","type":"post","link":"https:\/\/thethriftydev.com\/blog\/age-verification-creep-tracker\/","title":{"rendered":"Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech"},"content":{"rendered":"<p><script type=\"application\/ld+json\">{\"@context\": \"https:\/\/schema.org\", \"@type\": \"Article\", \"headline\": \"Age Verification Creep Tracker: KOSA, App Store ID Laws, and the Fight for Anonymous Speech\", \"description\": \"A living tracker for KOSA, app store age verification, state ID-check laws, and the policy pipeline pushing the internet toward identity checkpoints.\", \"author\": {\"@type\": \"Person\", \"name\": \"Bobby Hendry\"}, \"publisher\": {\"@type\": \"Organization\", \"name\": \"TheThriftyDev\"}, \"datePublished\": \"2026-05-24T16:18:59.211165+00:00\", \"dateModified\": \"2026-05-24T16:18:59.211177+00:00\", \"mainEntityOfPage\": {\"@type\": \"WebPage\", \"@id\": \"https:\/\/thethriftydev.com\/blog\/age-verification-creep-tracker\/\"}, \"about\": [\"KOSA\", \"age verification\", \"anonymous speech\", \"digital identity\", \"online privacy\"]}<\/script><\/p>\n<p><strong>Age verification is being sold as child safety. The bigger pattern is internet identity control.<\/strong> This tracker follows KOSA, app store age checks, state ID laws, platform responses, and the policy pipeline pushing the open internet toward identity checkpoints.<\/p>\n<p><strong>Last updated:<\/strong> May 24, 2026<\/p>\n<div class=\"wp-block-group\" style=\"border:2px solid #22c55e;padding:18px;border-radius:12px;background:#07130f;color:#eafff4\">\n<p><strong>Current threat level: HIGH<\/strong><\/p>\n<ul>\n<li>KOSA is active at the federal level as S.1748 in the 119th Congress.<\/li>\n<li>State age verification laws are spreading across the country.<\/li>\n<li>Some platforms already block users in certain states instead of collecting ID.<\/li>\n<li>Big Tech can absorb compliance costs. Smaller sites, forums, and open-source projects cannot.<\/li>\n<li>The core risk is not one bill. The core risk is normalizing ID checks for speech.<\/li>\n<\/ul>\n<\/div>\n<figure><img decoding=\"async\" src=\"https:\/\/thethriftydev.com\/blog\/wp-content\/uploads\/2026\/05\/av-tracker-1.png\" alt=\"Age verification checkpoint blocking access to the open internet\" loading=\"lazy\" style=\"max-width:100%;height:auto;\" \/><\/figure>\n<h2>Why This Tracker Exists<\/h2>\n<p>There are real online harms affecting kids. Sextortion, predatory adults, algorithmic amplification, bullying, self-harm content, addictive feeds, and data harvesting are not imaginary. Parents are right to be angry, and lawmakers are right to care.<\/p>\n<p>The problem is the tool. Age verification sounds narrow until you ask how it works at internet scale. If a platform must treat minors differently, it needs a way to know who is a minor. If it cannot reliably know who is a minor, it checks more users. If checking more users becomes the safe legal path, adult speech gets dragged into the same identity layer.<\/p>\n<p>That is age verification creep: a child safety proposal becomes a compliance system, the compliance system becomes an identity checkpoint, and the identity checkpoint becomes the default gate for speech, search, social media, communities, apps, and eventually payments.<\/p>\n<h2>The Short Version<\/h2>\n<ul>\n<li>Protecting kids online matters.<\/li>\n<li>Age checks sound limited.<\/li>\n<li>But platforms cannot separate minors from adults without checking users.<\/li>\n<li>That creates pressure for ID vendors, device-level age signals, app-store verification, and more intrusive account systems.<\/li>\n<li>The people hurt first are not criminals. They are abuse survivors, whistleblowers, dissidents, religious minorities, activists, journalists, LGBTQ users, and teenagers seeking help.<\/li>\n<\/ul>\n<h2>Federal Bills To Watch<\/h2>\n<table>\n<thead>\n<tr>\n<th>Bill or proposal<\/th>\n<th>Status<\/th>\n<th>Supporter framing<\/th>\n<th>Age verification risk<\/th>\n<th>Speech\/privacy risk<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>KOSA, S.1748<\/td>\n<td>Introduced in the 119th Congress and referred to Senate Commerce<\/td>\n<td>Design duties and safeguards for minors<\/td>\n<td>High<\/td>\n<td>Platforms may over-filter sensitive lawful content and seek age assurance<\/td>\n<\/tr>\n<tr>\n<td>COPPA 2.0<\/td>\n<td>Federal privacy proposal often discussed beside KOSA<\/td>\n<td>Stronger protections for children and teens<\/td>\n<td>Medium<\/td>\n<td>Depends on implementation and how platforms determine age<\/td>\n<\/tr>\n<tr>\n<td>House online safety packages<\/td>\n<td>Moving in parallel with child safety and app accountability proposals<\/td>\n<td>Parental controls and child safety accountability<\/td>\n<td>High<\/td>\n<td>Could shift age checks to app stores, operating systems, or device layers<\/td>\n<\/tr>\n<tr>\n<td>Phone or SIM identity proposals<\/td>\n<td>Separate but related identity pressure<\/td>\n<td>Fraud, trafficking, and crime prevention<\/td>\n<td>Severe<\/td>\n<td>Turns basic communication into a permissioned identity event<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<figure><img decoding=\"async\" src=\"https:\/\/thethriftydev.com\/blog\/wp-content\/uploads\/2026\/05\/av-tracker-2.png\" alt=\"Flowchart showing child safety becoming age verification and identity checks\" loading=\"lazy\" style=\"max-width:100%;height:auto;\" \/><\/figure>\n<h2>The Compliance Incentive Problem<\/h2>\n<p>Supporters often say KOSA does not directly require every user to upload ID. That is an important distinction. But direct mandates are not the only way policy changes behavior. Liability changes incentives.<\/p>\n<p>If a platform can be punished for failing to protect minors from certain harms, the platform needs a defensible way to show which users are minors, which settings applied to them, and what content or features they were allowed to access. A small site owner, open-source developer, Nostr client, forum admin, or indie app team does not have a legal department to litigate fine distinctions. The safe response is to block users, remove features, over-filter speech, or outsource age checks to vendors.<\/p>\n<p>That is how \u201cwe do not require ID\u201d can still become \u201cshow ID to participate.\u201d<\/p>\n<h2>State Age Verification Laws To Watch<\/h2>\n<p>State laws matter because they create the test cases. One state passes an age check. Another expands it. Courts rule on pieces of it. Platforms react by blocking regions, adding compliance vendors, or changing product design nationally.<\/p>\n<table>\n<thead>\n<tr>\n<th>Category<\/th>\n<th>What to watch<\/th>\n<th>Why it matters<\/th>\n<th>Risk<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Adult-site age verification<\/td>\n<td>State laws requiring ID or age assurance for sexual content<\/td>\n<td>Creates legal precedent and vendor infrastructure<\/td>\n<td>High<\/td>\n<\/tr>\n<tr>\n<td>Social media minor laws<\/td>\n<td>Parental consent, account limits, and age checks for social platforms<\/td>\n<td>Pushes identity checks into general-purpose speech platforms<\/td>\n<td>Severe<\/td>\n<\/tr>\n<tr>\n<td>App store age verification<\/td>\n<td>Apple\/Google or app-store-level age signals<\/td>\n<td>Centralizes age identity at the operating-system or app-store layer<\/td>\n<td>Severe<\/td>\n<\/tr>\n<tr>\n<td>Device-level age systems<\/td>\n<td>Age signals built into phones, browsers, or operating systems<\/td>\n<td>Could follow users across apps and websites<\/td>\n<td>Severe<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Platform Responses Are The Early Warning System<\/h2>\n<p>When a platform blocks a state instead of collecting ID, that is not just a business decision. It is a warning signal. It means the compliance burden, liability risk, or privacy risk is too high for that platform to operate normally.<\/p>\n<p>EFF has documented how age gates can become a windfall for Big Tech and a death sentence for smaller platforms. Large companies can pay lawyers, vendors, auditors, trust and safety teams, policy teams, lobbyists, and compliance engineers. Small communities cannot. If the cost of running a forum becomes identity verification infrastructure, the open web loses.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/thethriftydev.com\/blog\/wp-content\/uploads\/2026\/05\/av-tracker-3.png\" alt=\"Small websites and open-source communities crushed by compliance paperwork\" loading=\"lazy\" style=\"max-width:100%;height:auto;\" \/><\/figure>\n<h2>Why Anonymous And Pseudonymous Speech Matters<\/h2>\n<p>Pseudonymous speech is not a loophole. It is a safety feature.<\/p>\n<p>People use pseudonyms to report abuse, talk about addiction, explore religion, research health issues, organize politically, question powerful institutions, build communities, and separate public speech from private life. Teenagers may need access to information they cannot safely ask for at home. Abuse survivors may need resources without alerting an abuser. Whistleblowers may need to speak without attaching their legal name to every sentence.<\/p>\n<p>An ID-check internet chills all of that. Even if the government never reads the database, the database exists. It can be breached, sold, subpoenaed, misused, shared, or quietly normalized until refusal itself looks suspicious.<\/p>\n<h2>The Big Tech Compliance Moat<\/h2>\n<p>Regulation sold as anti-Big-Tech can accidentally entrench Big Tech. That is the compliance moat.<\/p>\n<p>Meta, Google, Apple, TikTok, and other giants can absorb age assurance vendors, policy audits, legal challenges, and reporting requirements. A small Mastodon instance, Nostr client, indie forum, hobby project, or privacy-first tool cannot. The likely result is less competition, more centralization, and fewer escape routes from the platforms lawmakers claim to be disciplining.<\/p>\n<p>That matters for builders. A sovereign web needs small services, open protocols, self-hosted tools, and low-friction publishing. Identity compliance moves the web in the opposite direction.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/thethriftydev.com\/blog\/wp-content\/uploads\/2026\/05\/av-tracker-4.png\" alt=\"Big Tech walking through compliance gate while small platforms are blocked\" loading=\"lazy\" style=\"max-width:100%;height:auto;\" \/><\/figure>\n<h2>Better Child Safety Without ID Checkpoints<\/h2>\n<p>The choice is not \u201cdo nothing\u201d or \u201cverify everyone.\u201d Better options exist:<\/p>\n<ul>\n<li>Ban behavioral advertising to minors.<\/li>\n<li>Enforce data minimization for all users.<\/li>\n<li>Ban manipulative dark patterns and addictive product loops.<\/li>\n<li>Require simple chronological feed options.<\/li>\n<li>Improve reporting, takedown, and appeals systems.<\/li>\n<li>Fund investigations and enforcement against predators and extortion networks.<\/li>\n<li>Support family-level tools that do not require every website to collect ID.<\/li>\n<li>Require privacy-preserving age signals only if they are voluntary, minimal, audited, open, and not tied to browsing history.<\/li>\n<\/ul>\n<h2>What To Tell Congress<\/h2>\n<p>Here is the clean message:<\/p>\n<blockquote>\n<p>Protect kids online, but do not create an ID-check internet. Oppose age verification mandates and any bill that pressures platforms to identify users before they can speak, search, learn, or join communities. Pass privacy-first child safety instead: data minimization, limits on behavioral targeting, anti-dark-pattern rules, better enforcement against predators, and protections for anonymous and pseudonymous speech.<\/p>\n<\/blockquote>\n<h2>What Privacy-Minded Readers Should Do Now<\/h2>\n<ol>\n<li>Contact your senators and representatives. Ask whether they support age verification mandates or privacy-first child safety.<\/li>\n<li>Use pseudonymous accounts where appropriate. Do not attach your legal identity to every public opinion.<\/li>\n<li>Support decentralized and smaller platforms before the compliance moat gets worse.<\/li>\n<li>Move some social activity to Nostr and other exit-ramp systems.<\/li>\n<li>Reduce dependence on identity-linked accounts where possible.<\/li>\n<li>Share this tracker when someone says, \u201cIt is only about protecting kids.\u201d<\/li>\n<\/ol>\n<figure><img decoding=\"async\" src=\"https:\/\/thethriftydev.com\/blog\/wp-content\/uploads\/2026\/05\/av-tracker-5.png\" alt=\"Pseudonymous speech shield protecting people from identity surveillance\" loading=\"lazy\" style=\"max-width:100%;height:auto;\" \/><\/figure>\n<h2>Copy\/Paste This<\/h2>\n<p>If you want to explain the issue fast, use this:<\/p>\n<pre>Age verification does not stay age verification.\n\nOnce platforms must prove who is a minor, adults get dragged into the identity layer too.\n\nThat is how \u201cprotect kids\u201d becomes \u201cshow ID to speak.\u201d\n\nTracker: https:\/\/thethriftydev.com\/blog\/age-verification-creep-tracker\/<\/pre>\n<h2>Related TheThriftyDev Reading<\/h2>\n<ul>\n<li><a href=\"https:\/\/thethriftydev.com\/blog\/kosa-age-verification-privacy-pseudonymous-speech\/\">KOSA Is Not Just a Kids Safety Bill. It Is an Age Verification Creep Bill<\/a><\/li>\n<li><a href=\"https:\/\/thethriftydev.com\/blog\/mandatory-id-social-media-phone-kyc-nostr\/\">Mandatory ID Is Coming for Phones and Social Media. Here\u2019s How to Move to Nostr Before the Gate Closes<\/a><\/li>\n<li><a href=\"https:\/\/thethriftydev.com\/blog\/google-ai-search-privacy-alternatives\/\">Google AI Search Privacy: Better Alternatives to Protect Your Searches<\/a><\/li>\n<li><a href=\"https:\/\/thethriftydev.com\/blog\/what-is-the-sovereign-builder-protocol\/\">What Is the Sovereign Builder Protocol?<\/a><\/li>\n<\/ul>\n<h2>Sources<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.govtrack.us\/congress\/bills\/119\/s1748\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">GovTrack: S.1748 Kids Online Safety Act<\/a><\/li>\n<li><a href=\"https:\/\/www.govinfo.gov\/content\/pkg\/BILLS-119s1748is\/html\/BILLS-119s1748is.htm\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">GovInfo: S.1748 bill text<\/a><\/li>\n<li><a href=\"https:\/\/www.blackburn.senate.gov\/2025\/5\/technology\/blackburn-blumenthal-thune-and-schumer-introduce-the-kids-online-safety-act\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Sen. Blackburn release on KOSA reintroduction<\/a><\/li>\n<li><a href=\"https:\/\/www.aclu.org\/news\/privacy-technology\/lawmakers-renew-push-to-regulate-kids-speech-online-despite-speech-protections\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">ACLU on kids online safety bills and speech protections<\/a><\/li>\n<li><a href=\"https:\/\/www.eff.org\/pages\/age-gates-are-windfall-big-tech-and-death-sentence-smaller-platforms\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">EFF: age gates, Big Tech, and smaller platforms<\/a><\/li>\n<li><a href=\"https:\/\/www.rstreet.org\/commentary\/the-fundamental-problems-with-social-media-age-verification-legislation\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">R Street on social media age verification problems<\/a><\/li>\n<li><a href=\"https:\/\/theintercept.com\/2026\/03\/05\/kosa-online-age-verification-free-speech-privacy\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">The Intercept on anonymity, KOSA, and age verification<\/a><\/li>\n<\/ul>\n<p>Views: 0<\/p>","protected":false},"excerpt":{"rendered":"<p>A living tracker for KOSA, app store age verification, state ID-check laws, and the policy pipeline pushing the internet toward identity checkpoints.<\/p>\n","protected":false},"author":1,"featured_media":617,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[82,29,32,84,33,83,81,26],"class_list":["post-622","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-age-verification","tag-anonymous-speech","tag-censorship-resistance","tag-digital-identity","tag-digital-sovereignty","tag-free-speech","tag-kosa","tag-privacy","entry"],"_links":{"self":[{"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/posts\/622","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/comments?post=622"}],"version-history":[{"count":0,"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/posts\/622\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/media\/617"}],"wp:attachment":[{"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/media?parent=622"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/categories?post=622"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thethriftydev.com\/blog\/wp-json\/wp\/v2\/tags?post=622"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}