Commentary

Ben Suroeste opines on a new age verification service. Here’s a summary:

Brady Mills Agency just rolled out AgeWallet, their shiny new age-verification system they say will help small adult-sector merchants survive the avalanche of new compliance rules. They’re leaning hard on the idea that the Supreme Court’s FSC v. Paxton ruling kicked the industry into fast-forward, and honestly, they’re not wrong—tools like this are going to keep popping up like mushrooms after rain.

What stands out, though, is the quieter warning baked into the announcement: the beginning of a serious crackdown on VPNs. AgeWallet claims it can detect proxies, masked locations, all of it—and force users to re-verify if anything looks off. Great for merchants trying to stay legal. Not so great if you’re living under a government that already decides what you’re allowed to read or watch. For those of us who remember the scrappy, boundary-free internet, this feels less like progress and more like another brick in the wall.

YNOT NEWS | Open The Age Verification Floodgates!

ATLANTA, Ga. – Earlier this week, the Brady Mills Agency, an Atlanta-based technology firm, announced the launch of AgeWallet,

Read More

www.ynot.com

Over on Forbes.com right now, there’s an article making the point that when you read somewhere that traffic from the UK to Pornhub is down 77%, you might want to take that figure with a grain of salt. Or maybe a pillar of the stuff.

Writing for Forbes, Zak Doffman goes further still, suggesting “you can completely ignore” such a claim because “it’s not true.”

“What’s actually happening is that U.K. adults are turning to VPNs to mask their locations,” Doffman writes. “Just as residents of U.S. states affecting bans now pretend to be someplace else. Pornhub makes this as easy as possible.”

The article goes on to cite (perhaps accurately – I’m certainly no expert on VPNs) a variety of reasons why this sudden expansion in VPN use may not be a good thing, including the eye-catching assertion that “VPNs are dangerous.”

“You are trusting all your content to a third-party provider who can see where you are and the websites you visit,” Duffman writes. “At a minimum. There are plenty of reports of rogue VPNs doing much worse than that. In particular, you must avoid free VPNs and Chinese VPNs. Stick to bluechip options.”

Duffman is probably right and his advice on sticking to the name brand VPNs probably makes good sense. But as a guy who misses the era of what people call the “open internet” my concern isn’t so much rogue VPN operators as it is rogue legislators.

As I read Duffman’s piece, I couldn’t help but imagine some elected official somewhere reading the same piece and saying to himself/herself: “OH. MY. GOD. This VPN thing MUST be stopped, whatever it is.” The manner of legislation that follows this sort of epiphany typically tries to solve one problem by creating another. Or maybe several others.

The thing is, it’s not Duffman’s warning about the potential dangers of VPN use that will drive the concern of my hypothetical legislator, not the potential security threat or the nefarious actors out there offering free VPNs.

No, what will get the legislators all fired up and ready to wield their pens again will be the part about the ease of using VPNs to get around their precious, legally mandated age verification walls.

I don’t expect too many legislators will seek to ban VPN use altogether, although doubtlessly there will be some bright bulb somewhere who proposes exactly that. More likely, what they’ll do is add something to an existing age verification statute that prohibits “facilitating the use of technology to circumvent state law” on the part of the adult site, or mandating that adult sites have to do what a lot of paywalled sites do for their own reasons, which is try to detect and defeat VPN use.

As Duffman notes, websites can “look at your browser settings or cellular settings or recognize you from previous visits…. That’s why it’s harder to watch live sports from your usual provider when you’re away from home, their market restrictions try to catch you out. Porn sites do not.”

For the sake of adults in the UK and elsewhere who would rather not hand over their sensitive personal information to a third party just to exercise their right to look at sexually explicit images, here’s hoping porn sites aren’t soon forced to do what they’re currently choosing not to do.

There’s a quiet rule that’s floated around cybersecurity circles for years: don’t hold onto more data than you’re capable of protecting. Simple, elegant, almost parental in its logic — if you can’t safeguard it, don’t collect it.

But the world doesn’t care about that rule anymore.

Laws around identity and age verification are spreading fast, and they’re forcing companies—whether they’re ready or not—to gather and store the most intimate, high-risk documents a person can hand over. Passports. Driver’s licenses. National IDs. All the things you’d rather keep in your own pocket, not scattered across the servers of whoever happens to run the website you’re using.

And then something like the Discord breach happens.

In early October 2025, The recent data breach involving Discord. Not Discord’s internal systems—one of the partners handling support. Hackers got access to support-ticket data: names, emails, IP addresses, billing info, conversation logs… the usual mess. But tucked inside that mess was something far more sensitive: government-issued IDs.

These were collected for one reason: to prove a user was old enough to be there. To appeal an underage ban. And suddenly, the private documents people reluctantly handed over “just to get their account back,” were sitting in someone else’s hands entirely.

The Trap These Laws Create

Discord didn’t wake up one day deciding it wanted a folder full of driver’s licenses. Companies aren’t hungry for that kind of liability. But regulators have been ramping up age-verification mandates, and the penalties for non-compliance are steep enough to make anyone comply.

You can see the logic in the laws. Protect kids. Keep platforms accountable. Reasonable goals.

But look closely at the side effects:

We’ve built a system where organizations must stockpile some of the most breach-sensitive personal data in existence — even when they have no business storing it, no infrastructure built to protect it, and no desire to be holding it at all.

The old rule of “collect as little as possible” dies the moment a legal mandate requires collecting everything.

One Breach Becomes Everyone’s Problem

And once a company becomes responsible for storing IDs, the risk spreads. Healthcare portals, schools, banks, e-commerce shops, SaaS platforms — anyone providing service to the general public could end up in the same situation.

Every new database of passport scans is a future headline waiting to happen.

And when it happens, the fallout isn’t just personal. It’s financial. Legal. Reputational. You lose customer trust once — and you don’t get it back.

For small companies, one breach can simply end the business.

The MSPs Get Pulled Into the Storm

Managed service providers—MSPs—don’t get to sit this one out. They inherit the problem from every client they support. One MSP breach doesn’t just hit one organization. It hits all of them at the same time.

And the typical MSP environment? It’s a patchwork quilt of tools stitched together over time:

• One for backups

• One for endpoint protection

• Another for vulnerability scanning

• A different one for patching

• Another for monitoring

• And maybe one more to try and tie it all together

Every tool is another doorway. Another password. Another integration that can fail silently. Another shadow corner where data can slip unencrypted or unmonitored.

In an age when MSPs are being asked to guard government IDs, medical files, financial records, and entire networks—you can’t afford those shadows.

The Fix Isn’t “More Tools” — It’s Fewer

The only real path forward is simplification.

Not by removing security controls, but by merging them. Consolidation. Native integration. One platform where backup, protection, monitoring, and recovery exist inside the same ecosystem, speaking the same language, managed from the same place.

When everything runs through a single agent with one control plane:

• There are fewer gaps.

• There are fewer weak handoffs.

• There are fewer places for attackers to slip in unnoticed.

• And the attack surface shrinks dramatically.

You trade chaos for clarity.

You trade complexity for protection.

The New Reality

That old cybersecurity rule—don’t collect more data than you can protect—wasn’t wrong. It’s just not optional anymore.

The Discord breach isn’t a one-off story. It’s a preview. A warning shot.

Organizations are being legally pushed into storing the exact type of data that attracts attackers the most. And MSPs are being put in charge of securing it at scale.

So the question shifts:

If you no longer get to choose how much data you collect…

you have to be very deliberate about how you protect it.

And that means rethinking the entire structure of how we secure systems—not by addition, but by alignment.

Because now the stakes aren’t abstract. They are literal: your identity, my identity, everyone’s identity.

And someone is always watching for the first loose thread.

Adult Attorney Corey Silverstein talks about how to stay legally protected as an adult website owner. Here’s a summary of the article:

It feels like the adult industry just hit a hard reset. Age verification laws are no longer theoretical — they’re real, enforced, and expensive to ignore. And because every region wants something slightly different, the once-standard “one policy fits everywhere” approach is basically dead. If a site can’t explain exactly how it keeps minors out, it’s already behind.

At the same time, regulators and payment processors are demanding proof that every bit of content is consensual and monitored. The Aylo case didn’t accuse anyone of new wrongdoing, but it sent a clear message: it’s not enough to say you have safeguards — you need documentation, systems, records, and the ability to show them working. Old blanket model releases aren’t enough anymore. Consent now has to be specific, traceable, and ongoing.

And hanging over all of this is data privacy — the silent one that can shut a company down overnight. GDPR and CPRA require clear deletion rights, consent controls, and minimal data collection. Most adult sites still haven’t updated. The takeaway is simple: the old shortcuts are now risks. The companies that survive will be the ones who update before they’re forced to — not after.

How to Stay Legally Protected When Policies Get Outdated

The adult industry has long operated in a complex legal environment subject to rapid change. Now, a confluence of age verification laws, lawsuits, credit card processing and data privacy rules has created an urgent need for all industry participants — from major platforms to independent creators — to review and potentially overhaul their legal and operational policies.

Read More

www.xbiz.com

Spiked’s Adam Edwards opines on the Online Safety Act in the UK.

The story centers on U.S. lawyer Preston Byrne, who represents the message board 4chan and is openly defying the UK’s Online Safety Act. When the UK regulator Ofcom issued 4chan a £20,000 fine, Byrne publicly mocked the demand and argued that British law has no legal power over companies and citizens who have no operations or assets in the UK. He views the Online Safety Act as an overreaching censorship regime and says Ofcom is trying to enforce rules outside its jurisdiction by sending threatening letters instead of going through proper international legal channels.

The Online Safety Act requires any online platform accessed by UK users—regardless of where the company is based—to submit risk assessments, reports, and censorship plans, under threat of fines or even jail for executives. While 4chan has refused to comply and likely faces no real consequences because it has no UK presence, larger American companies like Meta and Google do have substantial assets in Britain, making potential enforcement far more serious. This has sparked broader questions about sovereignty, free speech, and whether a foreign government can compel U.S. companies to restrict or monitor content.

To counter the UK’s moves, Byrne has launched both a legal challenge in U.S. federal court and proposed new U.S. legislation called the GRANITE Act, which would allow American companies to sue foreign regulators like Ofcom if they attempt to impose fines or censorship demands. If passed, it could effectively block foreign censorship attempts and even allow U.S. courts to seize foreign government assets in retaliation. Byrne argues that if the UK cannot force U.S. firms to comply, British lawmakers may eventually be forced to reconsider the Online Safety Act altogether.

Why is Ofcom trying to censor Americans?

The UK’s communications quango is sticking its beak into America.

Read More

www.spiked-online.com

As you’re likely aware, since you’re reading this site, in recent years there’s been a proliferation of new state laws across the United States that require adult websites to verify the age of users before displaying any content that may be deemed “harmful to minors” to those users.

After the recent Supreme Court decision in Free Speech Coalition v. Paxton, in which the court upheld the age verification mandate passed by the Texas legislature, similar laws in other states are now clearly enforceable. With Missouri’s law poised to take effect later this month, it’s a good time to remind ourselves of the states that have (and haven’t, yet) passed similar laws.

The states with active age verification mandates in place include Alabama, Arizona, Arkansas, Florida, Georgia, Idaho, Indiana, Kansas, Kentucky, Louisiana, Mississippi, Montana, Nebraska, North Carolina, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia and Wyoming. And as mentioned earlier, Missouri will soon join this list.

Quite a few states have not yet passed age verification laws, at least to date. Those states include Alaska, California, Colorado, Connecticut, Delaware, Hawaii, Illinois, Iowa, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nevada, New Hampshire, New Jersey, New Mexico, New York, Oregon, Pennsylvania, Vermont, Washington, West Virginia and Wisconsin.

Several of the states on the list of those that haven’t passed age verification laws have considered such proposals in the past and may do so again in the future, of course. Doubtlessly, there are at least some legislators in every state who favor the measures and are likely to introduce new bills at some point in the future.

States that haven’t passed age verification laws but have debated them at some point include Colorado, Hawaii, Illinois, Iowa, Maryland, Michigan, Minnesota, Nevada, New Mexico, New York, Oregon and West Virginia.

For much more information on age verification laws around the country – and to keep track of new bills that would establish them in additional states – check out the Age Verification section of the Free Speech Coalition website.

I was browsing the membership area of an adult site earlier this week, having “verified my age” during a previous visit, when I came across a curious scene. Halfway down the main page of the membership area was a row of banner ads for other sites, a row of ads I’ve scrolled past so many times the messages on them hardly register anymore.

But on this day, the look of this section was quite different than before. Instead of ads for other porn sites, two of the six ads were displaying messages telling me that they couldn’t show the content of the ads, due to the age-verification laws now in effect in my home state.

This was bizarre, frankly. It was a little like being asked to show my ID at the front door of a nightclub to gain entry, then having to show it again when I reached the bar, only instead of showing it to the bartender. I’d probably need to show it to the beer distributor.

Compliance by adult sites with the age verification law my home state has passed is very inconsistent, thus far. One thing I’ve noticed is the more prominent and high profile the brand, the more likely it is the company is either requiring its users to go through the age verification process or outright blocking traffic from the state.

The converse also appears to be true; the lesser known (and less likely to be legitimate) the adult site, the less likely it is to be complying with the state age verification laws proliferating around the United States.

Put another way, state governments are unintentionally (one hopes it’s unintentional, at least) funneling traffic to adult sites that are on the more questionable end of the legal spectrum, whether the laws being flaunted are age verification requirements, intellectual property laws, revenge porn laws or all the above.

Meanwhile, the adults among us who don’t find their porn by blind browsing of whatever free porn site crosses our path, the age verification requirements are repeatedly inconveniencing and irritating us as we merely try to make the most of subscriptions that were active before these laws were even cooked up.

Look, I’m not against age verification. I don’t mind the idea of making people show ID to access porn at all. That’s how things have worked in the offline world for ages, after all. What I’m against is the reality of how age verification is being handled.

What these age verification laws have handed us is a dumbed-down internet, one where in the interest of (ineffectively) “protecting children,” everyone is being treated like a child – at least where porn is concerned. If what you’re after is extreme violence or hate speech, there’s no age verification barrier to worry about, because apparently that sort of content doesn’t harm kids at all.

This special focus on porn might not last, though. And I wish the reason for the change was that legislatures around the country are going to come to their senses and stop trying to tame the internet on the sort of vain quest that even Don fucking Quixote would know to be utter folly.

Instead, what you can expect are more laws like the “Texas App Store Accountability Act,” which is currently being challenged in court by students who think maybe it’s not reasonable to require them to get permission from their parents before they download any app.

“Texas has passed a law presumptively banning teenagers – and restricting everyone else – from accessing vast online libraries of fully protected speech,” the complaint argues.

Sounds familiar, eh?

Even if you believe age verification laws for porn sites are a good idea, do you really want to see them spread out and cover everything online that might potentially be bad for kids to access?

Give that one some real thought before you answer. Unfortunately, that’s something our elected representatives are unlikely to do.

A couple years back, when many of the state laws requiring age verification on the part of adult websites were merely proposals floating around in state legislatures, a state legislator from one of the few states that already had such a law on its books publicly noted that Pornhub had begun blocking all traffic from the state, which meant the law was “already working” as intended.

I remember seeing a clip online of the legislator saying this and wondering if she knew just how right she was. The law she was talking about may have been presented as a measure to deter kids from accessing online porn, but in truth, it was about making it harder for anyone to access online porn.

While you might not realize it if you were to review some of the blatantly unconstitutional stuff they dream up, most state legislators do know they can’t simply ban speech they don’t like. They know this is true whether the speech they dislike is sexually-explicit material like porn, speech intended to “annoy” or “offend” people who share their sensibilities or speech from Jimmy Kimmel.

Legislators, censorious activists and other vile creatures of darkness also know the next best thing to a ban is an effective effort to cow people into silence, whether by criminal law or civil sanction.

When attorneys and scholars who are familiar with the First Amendment and free speech issues discuss these things, you’ll often hear them reference the “chilling effect,” which in the context of legislation refers to “government unduly deterring free speech and association rights through laws, regulations or actions that appear to target activities protected by the First Amendment,” as the Free Speech Center at MTSU puts it.

When the Supreme Court recently upheld the Texas law requiring websites that offer over a certain amount of content deemed to be “harmful to minors” to verify the age of users before displaying any such content, the court effectively said the chilling effect of the Texas law is insubstantial, easily outweighed by the government’s “compelling interest” in deterring minors from accessing pornography.

A casual observer might think: “Good! Why shouldn’t adult sites be required to do the same thing the store on the corner has to do before selling someone porn?” But the casual observer maybe hasn’t thought this one all the way through.

The casual observer probably hasn’t considered the difference between briefly flashing your ID at a bored store clerk who probably didn’t give it much of a look anyway before waving you onward, and uploading a copy of your government issued ID, with your home address on it, to some third-party age verification service about which you know nothing.

The casual observer also may not have thought much about the websites that aren’t even arguably “porn sites,” but could still host enough content deemed “harmful to minors” to be covered by the law.

Worse still, this chilling effect is attached to a measure that isn’t particularly effective at its stated purpose. When Louisiana’s law was first passed, it took a matter of minutes for users to find a workaround – one that didn’t even require knowing what the acronym “VPN” signifies.

As a beloved old teacher of mine used to say about things of dubious value, these laws appear to be “worth their weight in sawdust” – except when it comes to their chilling effect.

As Hannah Wohl, an associate professor of Sociology at the University of California, Santa Barbara, put it in a post for The Hill, age verification laws “fail to protect minors and threaten the free speech of all Americans in ways that go far beyond pornography.”

“This chilling effect is by design,” Wohl added. “Pornography has long been the canary in the coal mine for other restrictions against free speech. Indeed, some conservatives have acknowledged that age verification laws are a back door to fully criminalizing pornography.”

No, age verification laws are not “blocks” or “bans” on pornography. But they certainly are barriers – and we’re not supposed to go around erecting barriers to protected speech in America, willy-nilly. There’s supposed to be a damn good reason (that “compelling interest” of the government’s), some indication that the law serves its purpose in furthering that interest, and an assurance that the law doesn’t burden too much speech that’s legal for adults to consume in restricting minors’ access to that same speech.

Or, as Vera Eidelman, senior staff attorney with the ACLU Speech, Privacy and Technology Project, put it when talking about the Supreme Court’s decision on Free Speech Coalition v. Paxton: “With this decision, the court has carved out an unprincipled pornography exception to the First Amendment. The Constitution should protect adults’ rights to access information about sex online, even if the government thinks it is too inappropriate for children to see.”

Unfortunately, to many of those who support and advocate for these laws, the chilling effect bemoaned by their critics is a design feature, not a bug.

As a guy who crossed the magic line of his 18th birthday over 35 years ago, it has been a damn long time since I was last asked to present identification documents as part of purchasing any age-restricted product.

More accurately, I should say it had been a damn long time – until last week, when I tried to log in to the members area of an porn website of which I’ve been a member for several months now.

Rather than simply being prompted to enter my username and password, I was presented with a dialog box informing me that before I could gain access to the site in question – a site to which I’ve already prepaid for nearly 90 more days of access, by virtue of a billing rollover that took place weeks ago – I needed to verify my age.

This struck me as odd and more than a little irritating. I was aware my home state is among those that have passed an age verification law directed at porn websites, but I had assumed existing customers, particularly those whose credit cards had been successfully billed several times already by the merchant involved, might somehow be “grandfathered in,” at least with respect to members’ area access.

No such luck, though. If I wanted to continue to access this site – in other words, if I wanted to receive the full benefit of the membership I’d already paid for – I would have to do business with whatever third-party service they’ve employed to perform the act of age verification on the site’s behalf, as well.

My immediate reaction was to close the browser, so I could weigh the question of whether to continue as a member of the site, cancel my account, or cancel my account and demand a refund. Nowhere in the agreement I ‘signed’ as part of joining the site did it state I’d have to do business with a third party to maintain future access to the site. Foisting that requirement on me without notice seemed dicey.

The first decision I made was not to act at all, right then. Among other things, the unexpected access-block had pissed me off a bit, and anger is never a good frame of mind for making decisions. I joined the site because I like the content they make and because I like watching it; should requiring me to show my ID really be so off-putting as to make me cancel, let alone demand a refund?

I sat on the decision for a couple days, straddling the fence on whether I’d jump through the age verification hoop that had been presented to me. Finally, I decided it made sense to see what the process required, how invasive it was of my privacy – and how effective or ineffective it seemed towards the stated end goal of verifying the users’ age and deterring minors from accessing the site. I could always back out before submitting anything, I reckoned.

The site in question offered only one option for an age verification service, one based in the United Kingdom. The system informed me that to verify my age, I’d need to upload a scan of one of several state-issued forms of ID: a driver’s license, a state ID, a passport, or state-issued military ID. It also referenced the possibility of uploading a selfie, in which I’d be holding the ID – so my face could be compared to that on the ID, presumably.

I wasn’t thrilled about doing any of this, for a variety of reasons. For starters, I don’t trust the promises from these third parties to not retain any of my “personally identifiable information.” I believe most online companies will look for every means available to monetize any piece of data they collect on their users (and seek every loophole in every law preventing them from doing so), and my assumption is that companies offering age verification services will be no different from their peers in that regard. And if such companies collect and store this data, malicious hackers will access it eventually, rest assured.

Beyond privacy concerns, I kept thinking about the lack of notice involved here. One day I’m a member of a porn site who can log in any time and check out the latest updates, then the next day, I’m forced to hand over my name, contact information and ID to some company out of the UK, just for the honor of accessing content I’d already paid to access? Even if that’s not an illegal or tortious arrangement, such a transition certainly doesn’t feel right.

Ultimately, despite my reservations, I decided to go ahead with the age verification process. As much as anything, I was now curious to see just how onerous it was and what all it would require of me.

A funny thing happened though; after uploading a photo of my ID, I was told I’d been verified and could now continue to the members area – no selfie required, no further personal information, just the email address I’d already given them on the previous page of the form and the scan of my ID.

Maybe I should be pleased by the fact I didn’t have to upload a selfie, but instead I’m struck by the pointlessness of it all. All this service had done was verify that someone had uploaded a driver’s license belonging to a man in his 50s, but in no way had they established it was the man in his 50s himself who had uploaded it.

The good news, I suppose, is that now I have access to the content for which I’d already paid. The bad news is… well, the bad news is unknowable, really. But when the bad news comes, with it may come answers to several questions I now have.

How many members of this same site will opt to cancel their memberships, or demand refunds, as I considered doing, rather than go through with the age verification process?

How many minors will find out about how easy it is to circumvent the age verification process of this age verification vendor?

Is this vendor truly not storing age verification documents? If they are storing such documents, will I learn that’s the case via an extortionate email threatening to reveal my porn preferences to my employer or family members?

But the biggest question, at least as I sit here right now typing, is this one: Through this age verification process, what was “verified,” exactly?

Exactly. I don’t know, either.

Michael McGrady opines on faith based porn panics:

What happens when a small faction of politicians attempts to impose their faith-driven vision of “American values” at the expense of free speech, queer visibility, and secular governance? The growing wave of anti-pornography proposals—ranging from full bans on adult content to invasive age-verification laws—illustrates how far the far-right is willing to transform moral panic into legislation, regardless of constitutional limits or practical absurdity.

One striking example comes from Michigan state representative Josh Schriver, a Republican known for racist, homophobic, and inflammatory rhetoric. In September 2025, Schriver went viral after introducing a proposal to completely outlaw online pornography in Michigan’s digital sphere. Even many conservatives expressed skepticism, acknowledging the proposal’s blatant overreach into free speech protections.

Schriver’s bill, House Bill 4938—formally titled the “Anti-Corruption of Public Morals Act”—would impose sweeping criminal penalties and steep fines for distributing or possessing what it vaguely defines as “prohibited material.”

A History of Gendered Censorship and the Costs of Faith-Based ‘Porn’ Panics - TheHumanist.com

Bigotry rebranded as moral purity.

Read More

thehumanist.com