The War on Porn

Discord Confirms Data Breach Exposed Government ID Photos of 70,000 Users

Discord logo

SAN FRANCISCO — Discord, the popular chat and community platform, confirmed that one of its third-party vendors experienced a major data breach that exposed the personal information of about 70,000 users, including photos of government-issued identification cards.

The affected vendor was responsible for processing age-verification submissions and appeals on behalf of Discord. The company has not yet named the vendor but indicated that the breach was the result of a cyberattack exploiting a Zendesk instance, allegedly part of an extortion attempt targeting both the vendor and Discord.

Early reports suggested that roughly 1.5 terabytes of data were stolen—around 2.2 million images tied to age-verification records. However, Discord said the actual scope was smaller than initially claimed.

“This was not a breach of our internal systems,” a Discord spokesperson told The Verge. “The attack targeted a third-party service we use to support our customer service operations. Approximately 70,000 users may have had government-ID photos exposed, which the vendor used for age-related appeal reviews.”

The company added that all affected users have been notified. “We’ve secured the affected systems, ended our relationship with the compromised vendor, and continue to cooperate with law enforcement, data protection authorities, and external security experts,” the spokesperson said. “We take our responsibility to protect user data seriously and understand the concern this may cause.”

Discord also disclosed that other personal details—including names, usernames, email addresses, IP addresses, and the last four digits of some users’ credit cards—were included in the compromised data.

While Discord remains best known for its role in gaming culture and online communities, it has also become a hub for artists, streamers, and adult creators who use the platform to interact with fans and build digital communities. The service allows users over 18 to share adult-oriented material within designated, age-restricted spaces.

Read More »

What Was “Verified,” Really? By Stan Q. Brick

Age verification image

As a guy who crossed the magic line of his 18th birthday over 35 years ago, it has been a damn long time since I was last asked to present identification documents as part of purchasing any age-restricted product.

More accurately, I should say it had been a damn long time – until last week, when I tried to log in to the members area of an porn website of which I’ve been a member for several months now.

Rather than simply being prompted to enter my username and password, I was presented with a dialog box informing me that before I could gain access to the site in question – a site to which I’ve already prepaid for nearly 90 more days of access, by virtue of a billing rollover that took place weeks ago – I needed to verify my age.

This struck me as odd and more than a little irritating. I was aware my home state is among those that have passed an age verification law directed at porn websites, but I had assumed existing customers, particularly those whose credit cards had been successfully billed several times already by the merchant involved, might somehow be “grandfathered in,” at least with respect to members’ area access.

No such luck, though. If I wanted to continue to access this site – in other words, if I wanted to receive the full benefit of the membership I’d already paid for – I would have to do business with whatever third-party service they’ve employed to perform the act of age verification on the site’s behalf, as well.

My immediate reaction was to close the browser, so I could weigh the question of whether to continue as a member of the site, cancel my account, or cancel my account and demand a refund. Nowhere in the agreement I ‘signed’ as part of joining the site did it state I’d have to do business with a third party to maintain future access to the site. Foisting that requirement on me without notice seemed dicey.

The first decision I made was not to act at all, right then. Among other things, the unexpected access-block had pissed me off a bit, and anger is never a good frame of mind for making decisions. I joined the site because I like the content they make and because I like watching it; should requiring me to show my ID really be so off-putting as to make me cancel, let alone demand a refund?

I sat on the decision for a couple days, straddling the fence on whether I’d jump through the age verification hoop that had been presented to me. Finally, I decided it made sense to see what the process required, how invasive it was of my privacy – and how effective or ineffective it seemed towards the stated end goal of verifying the users’ age and deterring minors from accessing the site. I could always back out before submitting anything, I reckoned.

The site in question offered only one option for an age verification service, one based in the United Kingdom. The system informed me that to verify my age, I’d need to upload a scan of one of several state-issued forms of ID: a driver’s license, a state ID, a passport, or state-issued military ID. It also referenced the possibility of uploading a selfie, in which I’d be holding the ID – so my face could be compared to that on the ID, presumably.

I wasn’t thrilled about doing any of this, for a variety of reasons. For starters, I don’t trust the promises from these third parties to not retain any of my “personally identifiable information.” I believe most online companies will look for every means available to monetize any piece of data they collect on their users (and seek every loophole in every law preventing them from doing so), and my assumption is that companies offering age verification services will be no different from their peers in that regard. And if such companies collect and store this data, malicious hackers will access it eventually, rest assured.

Beyond privacy concerns, I kept thinking about the lack of notice involved here. One day I’m a member of a porn site who can log in any time and check out the latest updates, then the next day, I’m forced to hand over my name, contact information and ID to some company out of the UK, just for the honor of accessing content I’d already paid to access? Even if that’s not an illegal or tortious arrangement, such a transition certainly doesn’t feel right.

Ultimately, despite my reservations, I decided to go ahead with the age verification process. As much as anything, I was now curious to see just how onerous it was and what all it would require of me.

A funny thing happened though; after uploading a photo of my ID, I was told I’d been verified and could now continue to the members area – no selfie required, no further personal information, just the email address I’d already given them on the previous page of the form and the scan of my ID.

Maybe I should be pleased by the fact I didn’t have to upload a selfie, but instead I’m struck by the pointlessness of it all. All this service had done was verify that someone had uploaded a driver’s license belonging to a man in his 50s, but in no way had they established it was the man in his 50s himself who had uploaded it.

The good news, I suppose, is that now I have access to the content for which I’d already paid. The bad news is… well, the bad news is unknowable, really. But when the bad news comes, with it may come answers to several questions I now have.

How many members of this same site will opt to cancel their memberships, or demand refunds, as I considered doing, rather than go through with the age verification process?

How many minors will find out about how easy it is to circumvent the age verification process of this age verification vendor?

Is this vendor truly not storing age verification documents? If they are storing such documents, will I learn that’s the case via an extortionate email threatening to reveal my porn preferences to my employer or family members?

But the biggest question, at least as I sit here right now typing, is this one: Through this age verification process, what was “verified,” exactly?

Exactly. I don’t know, either.

Read More »

California Governor Signs Device-Level Age Verification Bill Into Law

Gavin Newsom

LOS ANGELES — California Gov. Gavin Newsom, a Democrat, signed into law Assembly Bill (AB) 1043 on Monday, implementing an age verification regime that requires users’ ages to be verified at the device operating system and/or app store level when setting up a new phone, tablet, or computer.

The bill, known as the Digital Age Assurance Act, covers all major operating systems, including Google’s Android and Apple’s iOS. Set to take effect on Jan. 1, 2027, it requires the companies that own and operate these systems to develop a mechanism allowing users to enter and confirm their ages by the summer of that year.

This also means that age verification must occur when users download or purchase apps and content from Google Play or the Apple App Store.

Under the legislation, violations could cost companies up to $2,500 per affected child, with intentional violations climbing to $7,500 per child. The law also “shields” companies from liability for so-called “erroneous age signals” as long as they make a good-faith effort to comply.

Erroneous signals may arise from the use of virtual private networks (VPNs) and other proxy tools designed to bypass age restrictions online.

In addition, the law introduces new safety requirements for digital platforms and services, including measures to prevent suicide and self-harm, clear warnings about social media and AI-powered chatbots, and tougher penalties for profiting from unlawful deepfakes.

“Emerging technology like chatbots and social media can inspire, educate, and connect—but without real guardrails, technology can also exploit, mislead, and endanger our kids,” Gov. Newsom said in a statement issued by his office. He continued, “We’ve seen some truly horrific and tragic examples of young people harmed by unregulated tech, and we won’t stand by while companies continue without necessary limits and accountability.

“We can continue to lead in AI and technology, but we must do it responsibly—protecting our children every step of the way. Our children’s safety is not for sale.”

Beyond device-level age verification, the legislation mandates warning labels on social media platforms to alert young users to the potential risks of excessive use.

It also strengthens penalties for deepfake pornography, allowing victims of non-consensual deepfakes to pursue civil damages of up to $250,000 against individuals who knowingly distribute such material.

“These bills establish guardrails that protect our children’s health and safety while ensuring innovation moves forward responsibly, showing that we can have both at once, always with future generations in mind,” said Jennifer Siebel Newsom, the First Partner of California.

Industry stakeholders have long touted device-level age verification as a potential compromise to existing age-gating systems, which typically occur at the website or platform level. Aylo, the parent company of Pornhub.com, has previously endorsed device-level verification as a privacy-preserving alternative to ID uploads and facial scans.

Read More »

Tokyo Valentino Denied Building Permit for New Decatur Location

Tokyo Valentino

DECATUR, Ga. — Tokyo Valentino, an adult retailer with multiple locations across Georgia, was denied a building permit for a new store under construction on Lawrenceville Highway in the Greater Decatur area, according to local reports.

Juliana Njoku, DeKalb County’s planning and sustainability director, informed company representatives that they failed to clearly disclose the property’s intended use.

DeKalb County later issued a public statement explaining, “Following a thorough administrative review, the County has determined that the building permit and related business license applications associated with this property contain incomplete and inconsistent information regarding the intended business use.

“As a result, the building permit has been revoked, and the business license application remains incomplete pending further documentation from the applicant. … Specifically, the applications did not fully disclose the intended use of the premises at the time of submission, and subsequent filings identified the sale of adult-oriented materials. This change in use requires a different level of zoning review and compliance with County ordinances that regulate adult-oriented establishments.”

In an email to Njoku, company representative Michael S. Morrison said Tokyo Valentino believes the revocation was a misunderstanding.

“It is Tokyo Decatur’s intention to comply with local ordinances to be a compliant, good corporate citizen,” Morrison wrote on behalf of Tokyo Decatur, the firm responsible for the new location. “We are a proud and vocal participant in the LGBTQ+ community.”

According to the letter, Tokyo Valentino entered into a lease for the property at 1850 Lawrenceville Highway, Suite 200. The landlord, Air Hospitality Group, agreed to bring the space up to code before occupancy and hired MSM Builders LLC for the renovation. The building permit in question was issued between the landlord and property manager.

Officials likely denied the permit based on the assumption that the store would operate as a fully adult-oriented business, which is restricted under local zoning laws.

“‘Tokyo Valentino’ is only a retail store that will be selling less than the allowable 20 percent threshold of marital aids,” Morrison clarified. “We mostly serve the LGBTQ+ community. This location has no live entertainment, nor video booths, etc. Tokyo is no different than the ‘Spencer’s’ stores found in malls all over America.”

“Tokyo is happy to sign any document affirming its intention to comply with DeKalb County code,” Morrison added. “It is always Tokyo’s intention to be a good corporate citizen and a proud supporter of the queer community.”

Read More »

New York City Sues Social Media Giants Over Youth Mental Health Crisis

Social media logos

NEW YORK — New York City has filed a sweeping lawsuit accusing Facebook, Google, Snapchat, TikTok, and other major online platforms of contributing to a youth mental health crisis by making their products addictive to children.

The 327-page complaint, filed Wednesday in Manhattan federal court, seeks damages from Meta Platforms, owner of Facebook and Instagram; Alphabet, owner of Google and YouTube; Snap Inc., which operates Snapchat; and ByteDance, parent company of TikTok. The city accuses the companies of gross negligence and creating a public nuisance.

The lawsuit aligns New York City with a growing wave of state and local governments, school districts, and individuals involved in roughly 2,050 similar cases consolidated in federal court in Oakland, California. With a population of 8.48 million residents, including 1.8 million minors, New York City is among the largest plaintiffs in the national litigation. The city’s school system and healthcare agencies are also listed as plaintiffs.

Google spokesperson Jose Castaneda pushed back on the claims, saying that allegations involving YouTube are “simply not true,” noting that “it is a streaming service and not a social network where people catch up with friends.”

The other defendants did not immediately respond to requests for comment.

A spokesperson for New York City’s law department said the city withdrew from a separate lawsuit announced by Mayor Eric Adams in February 2024 in California state court so it could instead join the consolidated federal case.

Platforms Accused of Exploiting Youth Behavior

The complaint alleges that the defendants “designed their platforms to exploit the psychology and neurophysiology of youth” to encourage compulsive use and maximize profits.

It cites data showing that 77.3% of New York City high school students — and 82.1% of girls — report spending three or more hours daily on screens, including phones, computers, and televisions. The city claims such heavy use has led to lost sleep, chronic school absences, and worsening mental health.

In January 2024, the city’s health commissioner declared social media a public health hazard, noting that the city and its schools have been forced to spend increasing taxpayer funds to address the mounting youth mental health crisis.

Link to Dangerous Trends

The complaint also ties social media use to a surge in “subway surfing” — the dangerous trend of riding on top of or clinging to the sides of moving subway cars. Since 2023, at least 16 people have died while subway surfing, including two girls aged 12 and 13 this month, according to police data.

“Defendants should be held to account for the harms their conduct has inflicted,” the city said in the filing. “As it stands now, (the) plaintiffs are left to abate the nuisance and foot the bill.”

Read More »

Ohio Attorney General Warns Porn Sites Over Violations of New Age-Verification Law

Dave Yost

Ohio Attorney General Dave Yost has issued formal warnings to 19 pornography websites, alleging they are violating the state’s new age-verification law and could soon face legal action if they do not comply.

“This duly enacted law protects young, impressionable children from the harms of adult-only material found online,” Yost said in an Oct. 8 news release. “It’s time for these companies to explain why they think they’re above the law.”

The recently enacted Ohio law requires any organization that sells or presents materials or performances deemed “obscene or harmful to juveniles” to verify users’ ages using photo identification or other official records, such as mortgage or employment data. Companies that fail to meet these standards risk being sued by the state.

Pornhub, one of the sites named, argues that the legislation doesn’t apply to its operations due to an exemption for web hosting platforms. However, according to the Ohio Attorney General’s Office, a review of 20 adult sites determined that all but one failed to comply with the new verification requirements.

Yost’s office sent violation notices to the noncompliant companies, warning them that they could face lawsuits if corrective measures are not taken within 45 days.

“Intentional noncompliance places minors at risk,” the letters stated. “We urge you to take immediate corrective action.”

Read More »

A History of Gendered Censorship and the Costs of Faith-Based ‘Porn’ Panics

Michael McGrady opines on faith based porn panics:

What happens when a small faction of politicians attempts to impose their faith-driven vision of “American values” at the expense of free speech, queer visibility, and secular governance? The growing wave of anti-pornography proposals—ranging from full bans on adult content to invasive age-verification laws—illustrates how far the far-right is willing to transform moral panic into legislation, regardless of constitutional limits or practical absurdity.

One striking example comes from Michigan state representative Josh Schriver, a Republican known for racist, homophobic, and inflammatory rhetoric. In September 2025, Schriver went viral after introducing a proposal to completely outlaw online pornography in Michigan’s digital sphere. Even many conservatives expressed skepticism, acknowledging the proposal’s blatant overreach into free speech protections.

Schriver’s bill, House Bill 4938—formally titled the “Anti-Corruption of Public Morals Act”—would impose sweeping criminal penalties and steep fines for distributing or possessing what it vaguely defines as “prohibited material.”

Read More »

Breaking Down HB 805 and How it Affects the Adult Industry

Adult industry attorney Corey Silverstein talks about North Carolina’s HB 805 and how it impacts our business.

Read More »

Ukrainian OnlyFans Creators Face Nearly $10 Million in Unpaid Taxes

Ukraine Flag

KYIV — Ukraine’s State Tax Service has announced that local content creators collectively owe the equivalent of $9.3 million in unpaid taxes, primarily tied to income earned through the subscription platform OnlyFans between 2020 and 2022.

According to a report from the Ukrainian outlet Economic Truth, the tax debt amounts to 384.7 million hryvnia and stems from revenue generated by Ukrainian residents from the London-based company Fenix International Ltd., which operates OnlyFans.

“The total amount of tax debt that arose for individual residents of Ukraine due to nonpayment of taxes on income received from Fenix International Ltd. (the company that owns the OnlyFans platform) during 2020–2022 is UAH 384.7 million,” the report states.

Economic Truth also noted that the OnlyFans platform “is used primarily for posting and monetizing pornographic content,” and emphasized that the production or distribution of pornography remains a criminal offense in Ukraine.

“According to Article 301 of the Criminal Code, liability for such activity can reach up to seven years in prison,” the publication added.

In July, Ukrainian officials faced renewed debate over the issue after President Volodymyr Zelensky responded to a petition from OnlyFans users urging support for draft law No. 12191, titled “On Amendments to the Criminal Code of Ukraine to Improve Certain Provisions on Criminal Offenses Against Public Order and Morality.”

Zelensky did not publicly take a stance on decriminalization but noted that the proposal was currently under review by the Verkhovna Rada, Ukraine’s parliament.

He explained that his involvement “will only come into play should the Verkhovna Rada adopt the law.”

Read More »

European Patent Board Overturns Satisfyer Patent

EU flag

STOCKHOLM, Sweden — The European Patent Office’s Board of Appeals has revoked a patent held by EIS GmbH, ruling that it infringed on intellectual property owned by pleasure product manufacturer Lelo. EIS, the parent company behind the Satisfyer brand, has been engaged in a prolonged legal dispute with Lelo over ownership of patents covering air pulse technology.

The overturned patent, EP3228297, titled “Pressure Waves Massage Apparatus,” was designed to protect the technology used in Satisfyer’s range of air pulse vibrators and similar products. The Board’s decision effectively halts EIS’s ability to pursue legal action against wholesalers and retailers selling competing pressure wave devices on claims of patent infringement.

The ruling follows a series of lawsuits in which EIS had targeted retailers offering Lelo’s Sona, Sila, and Enigmaproducts, alleging they violated Satisfyer’s patent rights.

“This decision confirms what Lelo believed all along: its innovative designs and technologies are distinct and original, upholding the brand’s reputation for pioneering excellence in the intimate wellness industry,” Lelo said in a statement.

The decision is final and non-appealable, and applies to all member states of the European Patent Convention, which governs patent protections across much of Europe.

Member countries include Albania, Austria, Belgium, Bulgaria, Switzerland, Cyprus, Czechia, Germany, Denmark, Estonia, Spain, Finland, France, the United Kingdom, Greece, Croatia, Hungary, Ireland, Iceland, Italy, Liechtenstein, Lithuania, Luxembourg, Latvia, Monaco, North Macedonia, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Sweden, Slovenia, Slovakia, San Marino, and Türkiye.

Read More »