Opinion On June 10, social network Bluesky announced that in 15 days it would introduce age verification for UK users, to comply with the UK Online Safety Act. As this law threatens non-compliant content companies with eight-figure fines from July 25, you can see why. The how, however, is breathtakingly inexcusable.
Won’t somebody think of the European children? Meta and Google put up their hands to help on the same day
READ MORE
As with many very bad ideas, it comes from a simple statement that discourages discussion: children are seeing damaging content online, from which they should be protected. If you choose not to be age-verified on UK Bluesky, you will not be able to view adult content nor use direct messaging. If you consent to age verification, you can. Sounds reasonable. Arguing about it implies selfishness at best, to say nothing of the worst.
Not so. Here goes.
There are only two things wrong with using age verification to shield kids from inappropriate content – the age verification bit and the inappropriate content bit. UK law and Bluesky’s way of complying demonstrate both.
Starting with inappropriate content, of course, it has never in the history of the free world been effectively defined. It’s case-by-case, currently including content about alcohol and gambling alongside explicit sexual material. Then there’s non-sexual nudity, suggestive material, and, depending on who you talk to, discussions about gender and sexuality.
The list can be as broad as you like. Bluesky’s own adult content filter settings allow a curiously granular set of fine-tuning switches including “potentially disturbing media.” One presumes this switch just disconnects the internet.
You might not mind not being able to share a picture of that great new craft beer, or link to that fascinating question to which the answer is 93*. But many professional communities online, from medics to medievalists, will affirm how important it is to be able to talk to all sorts of people about all of humanity, including those that make your mythical maiden aunt blush. Moreover, social media is their glue. One of the great benefits of online life is bringing birds of a feather together, and environments that restrict how they flock are not conducive.
You can be sure that restrictions will tighten. Whatever algorithm is in place to identify inappropriate content, it’ll be set as strictly as possible. Big fines if you’re too lax. Nothing for over-zealousness. There’s no moderating feedback path.
Even so, that may seem acceptable collateral damage if children can’t see that stuff alongside the damaging material. Real life has age verification on lots of things, some more effective than others, but most worth keeping around. Why should online age verification be any different? Why not just verify and be done? Over to you, Bluesky.
The path Bluesky has chosen is Kids Web Services (KWS), a system controlled by Epic Games. Yes, that Epic Games. To verify yourself as an adult to Bluesky UK, you’ll have to register with KWS. You don’t have to use KWS if you’re a kid – only if you’re an adult, or “parent” as KWS will refer to you.
That’s a clue that KWS isn’t primarily an age verification platform; it’s a child privacy protection system. The sort you’d build – or buy in – when huge fines for violating children’s privacy are in the air. Epic has focused on the parental registration part of the platform and made it available for free as a tool for adult age verification. It might seem uncomfortable to force adults onto something called Kids Web Services, but to be fair rebranding as Adult Web Services would be even worse.
A free service from a major company; it’s easy to see what Bluesky gets out of it. What does Epic get? Irish data compliance lawyer and blogger Simon McGarr dug around and found out. You have to give permission for an enormous amount of your personal data, including payment card details, phone number, address, face scan, national ID numbers and documents, access to your device details, when, where, and for how often you do things online, and on and on.
This is by way of building what Epic describes as a corporate asset of a database to do with as it wishes. McGarr has been reading the fine print: “If we are involved in a merger, acquisition, or sale of assets, we may share your personal information with the acquiring or receiving entity.”
The price for being an adult on Bluesky is corporate surveillance, at least in the UK, on a fortnight’s notice. This has very little to do, in theory or practice, with protecting children frI have om harm online, and everything about protecting Bluesky and Epic’s bottom lines.
This isn’t even accidental, as successive UK governments have shown little to no interest in including online rights and privacy advocates in the discussions about child protection. You don’t when you know the proper answer goes against your agenda that Something Must Be Done. It’s Been Done now, and it’s a mess. When even Meta and Google have better answers about user privacy and age verification, you have erred, and erred hard.
There is a lot more of this to come, as algorithms tuned for revenue and backed by flawed laws are used for social control. The very real problems of being today’s child will be made not one whit better, nor those of the adult they grow into. The UK government is very keen to show Britain as a world leader in digital. In the case of leading in the wrong direction, it’s got its wish. ®
*How many pansies there are in the Bayeux Tapestry.