A new investigation reveals how mandatory age verification in France has become a data collection bonanza, exposing the true nature of the global push for digital identity systems.
The digital ID agenda has taken another concerning turn with the release of a damning report from AI Forensics exposing massive privacy violations in France’s mandatory age verification system. What was supposed to protect children has instead created a surveillance infrastructure that captures intimate browsing data, facial scans, and personal information—all while routing sensitive data through Amazon’s servers with minimal oversight.
The AgeGO Scandal: Privacy Promises Broken
AI Forensics’ investigation found that AgeGO, an age verification service used by three of the six pornographic websites currently complying with France’s online regulations, is systematically violating user privacy despite claims of offering “double anonymity” protection.
The findings are devastating: “We observed that, despite claiming to offer ‘double anonymity’ options (intended to hide user traffic), AgeGO collects the URL of the video the user attempts to watch.” When users select the ‘selfie’ verification method, their webcam stream is transmitted directly to Amazon Web Services.
Here’s what AgeGO is actually collecting:
- Exact video URLs that users attempt to access- Complete browsing data including the specific websites visited- Facial scans and webcam feeds sent directly to Amazon AWS- IP addresses and browser details- Email addresses required for account creation- User agent information revealing device and browser details
According to the AI Forensics report, this privacy violation occurs before verification even begins: “prior to selecting a verification option and prior to consenting AgeGO’s Privacy Policy, the user’s browser sends a request to AgeGO’s server disclosing: the website currently visited, and the exact video the user is attempting to access.”
Women’s Safety App Tea Suffers Massive Data Breach, Users’ IDs Exposed on 4chan
The “Double Anonymity” Deception
France’s regulations specifically require “double anonymity” as defined by regulator Arcom’s October 2024 technical guidelines, where “the age verification provider – in this case, AgeGO – must not know for which service (i.e. which pornographic website) the verification is performed.”
This standard is meant to ensure that those performing the verification process have no knowledge of which websites users are visiting or what content they attempt to access. But AI Forensics found that AgeGO doesn’t meet those expectations.
Instead of protecting user privacy, the system creates detailed profiles linking:
- Real identities (through facial recognition and ID verification)- Specific browsing habits and content preferences- Precise timestamps of access attempts- Device and network information
As the report notes: “AgeGO’s selfie verification method not only transmits to AWS the user’s webcam feed but also exposes their IP address, user agent, and the fact that they are accessing an 18+ website via AgeGO.”
Rush to Implementation, Privacy as Afterthought
Adult website operators report being pressured into implementing flawed systems under tight deadlines. Speaking anonymously to Tech&Co, one operator said, “We had warned in advance that it was not ideal, but the haste was such that we could not do otherwise.”
This rush to implement age verification reflects a broader pattern we’re seeing globally: governments mandate digital identity systems with little consideration for privacy implications, leaving private companies to vacuum up sensitive data with minimal oversight.
Although France’s data protection authority CNIL and regulator Arcom have yet to publicly address the issue, Arcom has acknowledged to Le Parisien that it is reviewing the AI Forensics findings.
The Global Digital ID Agenda Accelerates
The AgeGO scandal is just the latest example of how age verification requirements are being used to normalize digital identity systems worldwide. This isn’t about child safety—it’s about building surveillance infrastructure:
United States
Nearly half of U.S. states passed laws imposing age verification requirements on online platforms in 2024, with laws spreading across jurisdictions despite constitutional challenges.
United Kingdom
As of July 25, 2025, platforms must use “highly effective age assurance” to prevent children from accessing pornography or content related to self-harm, suicide, or eating disorders. This isn’t just about adult websites—major platforms including Reddit, Discord, X (formerly Twitter), Spotify, and even dating apps like Tinder and Bumble now require age verification for UK users.
Australia
Australia is preparing to enforce mandatory age verification across social media platforms beginning December 10, 2025, with eSafety Commissioner Julie Inman Grant telling tech giants they must implement broad “age assurance” systems and that “self-declaration of age will not, on its own, be enough.”
European Union
Eleven EU member states are pressing the European Commission to rewrite its guidance under the Digital Services Act to mandate age checks for social media platforms, including France, Ireland, Greece, and Austria.
The Privacy Implications Are Staggering
As the Electronic Frontier Foundation warns, “When privacy is involved, regulators must make room for negotiation. There should be more thoughtful and protective measures for holders interacting with more and more potential verifiers over time. Otherwise digital ID solutions will just exacerbate existing harms and inequalities, rather than improving internet accessibility and information access for all.”
The infrastructure being built for age verification creates:
Mass Surveillance Capabilities: Systems designed to verify age inevitably collect far more data than necessary, creating detailed profiles of online behavior.
Centralized Data Honeypots: Once systems are in place to scan faces, verify IDs, or track user activity for the sake of age assurance, they can be leveraged for other purposes by platforms or the state.
Erosion of Anonymity: The fundamental right to browse the internet anonymously is being systematically dismantled under the guise of protecting children.
Corporate Data Harvesting: Private companies like AgeGO are positioned as gatekeepers, collecting intimate data with minimal accountability.
Australia’s Digital ID and the Israeli Connection: AU10TIX’s “Digital Twins” Technology
Industry Resistance and Workarounds
The public is already pushing back against these invasive systems:
Following the UK’s implementation, VPN downloads surged to the top of Apple’s App Store, while a petition calling for the law’s repeal attracted over 500,000 signatures. The message from users is clear: they want privacy, not digital surveillance.
Companies like NextDNS have introduced “Bypass Age Verification” features using DNS-level geo-spoofing to circumvent age checks without requiring users to upload personal identification.
Meanwhile, websites that ignore age verification requirements are seeing massive traffic boosts. Some pornography sites that disregarded the UK’s “scan your face” rule entirely have doubled or even tripled their audiences compared to the same time last year.
The Real Agenda Exposed
The AgeGO scandal reveals the true nature of the digital ID agenda:
- Rushed Mandates: Governments impose requirements without adequate privacy protections2. Private Data Collection: Third-party companies become data brokers with access to intimate information3. Minimal Oversight: Regulators fail to enforce their own privacy standards4. Mission Creep: Systems built for one purpose inevitably expand to broader surveillance
As privacy advocates have warned, proponents of these bills are “downplaying First Amendment concerns and planning to push ahead with their mission to upend the nature of the internet and transform it into a sanitized, restrictive space where online age verification is the norm.”
What This Means for Internet Freedom
The French age verification system’s privacy failures are not a bug—they’re a feature. The digital ID agenda requires the normalization of identity verification for online access, and child safety provides the perfect political cover.
As lawmakers worldwide pass legislation “mandating online services and companies to introduce technologies that require people to verify their identities to access content deemed appropriate for their age,” we’re witnessing the systematic dismantling of online anonymity.
The infrastructure being built today under the banner of child protection will inevitably be expanded for other purposes. Once the precedent is set that accessing online content requires government-verified identity, there’s no turning back.
Australia’s Digital Revolution: Age Verification and ID Checks Transform Internet Use
The Path Forward
The AgeGO scandal should serve as a wake-up call. We need:
- Immediate suspension of age verification mandates until robust privacy protections can be implemented- Independent audits of all age verification providers to expose similar privacy violations- Legal challenges to laws that impose digital identity requirements for online access- Technical resistance through privacy-preserving tools and services- Public awareness of how “child safety” rhetoric is being used to justify mass surveillance
The choice is clear: we can accept a future where every click is monitored and every online interaction requires government-verified identity, or we can fight for an internet that preserves the fundamental right to privacy and anonymity.
The digital ID agenda is not inevitable—but only if we resist it now, before the surveillance infrastructure becomes too entrenched to dismantle.
Reddit’s Digital ID Enforcement: A Gateway to Privacy Erosion and Doxing Risks
Stay vigilant. The price of digital freedom is eternal privacy advocacy.