Effective January 1, 2027, providers of computer operating systems in California will be required to implement age verification. That's just part of a wave of state and national laws attempting to limit children's access to potentially risky content without considering the perils such laws themselves pose. Now, not a moment too soon, over 400 computer scientists have signed an open letter warning that the rush to protect children from online dangers threatens to introduce new risks including censorship, centralized power, and loss of privacy. They caution that age-verification requirements "might cause more harm than good."

It's Always for the Children

When he signed A.B. 1043 in October 2025, California Gov. Gavin Newsom announced the legislation "will assist parents in ensuring that their children are downloading and using age-appropriate applications." State Assemblymember Buffy Wicks (D–Oakland), who co-sponsored the bill, similarly promised that "AB 1043 offers a scalable, privacy-first approach that helps keep kids safe while holding tech companies accountable."

But vowing to help kids isn't the same thing as writing coherent legislation. The California law requires, in part, that any "operating system provider" must "provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user's age bracket to applications available in a covered application store."

Writing for PC Gamer, Andy Edser noted, "that's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure." But not all operating systems are provided by large tech companies that centralize the implementation of legal requirements. "The idea that all operating system providers need to comply (in California) has drawn a fair degree of ire from certain Linux communities," he added, with reference to the popular open-source family of operating systems. The requirement could impose burdens on small developers who work with Linux while being largely ignored by the larger, decentralized community—unless they draw official notice. This echoes warnings from computer scientists.

Age Verification 'Could be Used To Censor Information'

Published on March 2, an open letter signed by over 400 computer scientists from around the world cautions that "those deciding which age-based controls need to exist, and those enforcing them gain a tremendous influence on what content is accessible to whom on the internet." They add that "this influence could be used to censor information and prevent users from accessing services." Even short of the most authoritarian controls, they warn, age-verification mandates encourage centralization and favor large companies and services over smaller providers.

The computer scientists aren't just responding to California's law. Age-verification requirements are spreading across the world. "The age-gating wave is coming along with calls for stronger child safety measures online, despite concerns about privacy, security, and censorship," The Verge's Stevie Bonifield reported last week. Last year, Australia introduced high-profile age restrictions on social media that inspired young people to creatively work around the law with bogus birthdays and unregulated apps.

Regulations Meet Evasion

"We all knew circumventing the ban was going to be possible, but it was so much easier than we could have expected," 14-year-old Sarai Ades told The Guardian last month about Australia's law.

Similarly, the U.K.'s recent age-verification requirements resulted in a surge in virtual private network (VPN) use as Britons sought to make their internet searches appear to come from unregulated jurisdictions. "Five VPN apps have experienced particularly 'explosive growth' and reached the top 10 free apps on Apple's UK App Store by Monday," noted Wired's Lily Hay Newman and Matt Burgess.

In response, U.K. officials targeted U.S.-based websites, arguing that anything reachable online from Britain is subject to that country's laws. The U.K. is also considering restrictions on VPNs.

"VPN usage more than doubled in the UK following highly effective age assurance requirements becoming mandatory, rising from about 650,000 daily users before 25 July 2025 and peaking at over 1.4 million users in mid-August 2025," frets a March 2026 U.K. government report.

Regulatory Threats to Privacy

"Regulating the use of VPNs, or subjecting their use to age assurance controls, will decrease the capability of users to defend their privacy online," warns the March 2 open letter. "This will not only force regular users to leave a larger footprint on the network, but will leave a number of at-risk populations unprotected, such as journalists, activists, or domestic abuse victims." Technology restrictions come down hardest on the least dangerous members of society, the letter adds. "We note that we do not believe that trying to regulate VPN use for non-compliant users would be any more effective than trying to forbid the use of end-to-end encrypted communication for criminals. Secure cryptography is widely available and can no longer be put back into a box."

People don't only evade age and content restrictions by cloaking their identities behind forbidden but still accessible technologies. They also turn to corners of the internet that exist beyond the reach of the state.

"If minors or adults are deplatformed via age-related bans, they are likely to migrate to find similar services," warn the scientists. "Since the main platforms would all be regulated, it is likely that they would migrate to fringe sites that escape regulation."

Meanwhile, in the course of implementing age restrictions, mainstream platforms gather data from everybody in order to implement restrictions on the activities of minors. "This in itself increases privacy risks, with data being potentially abused by the provider itself or its subcontractors, or third parties that get access to it, e.g., after a data breach, like the 70K users that had their government ID photos leaked after appealing age assessment errors on Discord."

Rather than reflexively mandate age restrictions on internet platforms, the letter's signers urge lawmakers to consider the dangers of such requirements. They suggest regulation of social media algorithms as a potential alternative. Also, and importantly, they recommend "support for parents to locally prevent access to non-age-appropriate content or apps, without age-based control needing to be implemented by service providers." In the end families, not governments, are responsible for children.