Age verification is identity verification
Age verification resolves identity once and answers every access by reference, relocating control over disclosure from the user to an attestation layer.
An age verification check does not confirm that a person is old enough. It confirms that a credential asserting age was presented and accepted. Those are two different operations, and the difference is the entire point. The system that performs the check resolves an identity, matches an attribute against that identity, and returns a decision. What it validates is not age as a fact about a body in a room. It validates the binding between a real, resolved identity and a claim made about that identity. Age is the output. Identity is the input.
This is not an incidental property of one implementation. It is how the category is built. To assert that a user is over 18, an age verification system routes the user through an identity verification provider, a vendor such as Yoti or an equivalent attestation service, which resolves a government document, a mobile driver’s license under ISO/IEC 18013-5, or a wallet credential and derives the age attribute from it. The frameworks now being deployed under the UK Online Safety Act and the European Digital Identity Wallet defined by eIDAS 2.0 formalize this flow. The attribute travels over standard federation protocols, OpenID Connect and its verifiable presentation profiles, as an assertion signed by a party that already knows who the user is. Selective disclosure does not change this: a mobile driver’s license can present the over-18 element and withhold the name and date of birth, but the issuer proofed the whole identity before it signed anything, and the element it discloses is derived from that proofing. In these flows the age claim is downstream of a full identity resolution. Nothing in them produces it without one.
So the system does exactly what it was specified to do. It does not measure age. It cannot. It resolves an identity to a level of assurance, stores or references that resolution, and emits a signed attribute that says yes. The service asking the question receives a reference to a decision made elsewhere, by a party that retains the binding. Nothing about this is a malfunction. The pass result is not a statement about a person. It is a pointer to an identity resolution that has already occurred. Once that is understood, the framing of age verification as a narrow, proportionate check collapses. The check is the identity. The age is a projection of it.
The internet was not designed to require this. Its original trust model treated identity as an optional attribute of a session, never a precondition of one. TCP/IP carries addresses, not names. HTTP is stateless by construction. A request arrives, a response is returned, and nothing in the base protocol obliges the requester to resolve who is behind the socket. Identity, when it appeared, was something a user chose to attach: an account, a login, a payment, a disclosure made for a specific transaction and no further. The assumption underneath the whole architecture was that a session with no resolved identity is a valid and complete session. Absence of identity was not an error state. It was the default.
That default carried three properties the system relied on without ever naming them. Disclosure was held by the user, made per interaction, and revocable by the simple act of not disclosing again. When identity was shared, it was shared with one party, for one purpose, and it did not transfer. Presenting a document to one service did not entitle a second service to the result. Presenting it today did not bind tomorrow’s session. The control over the decision stayed at the endpoint, with the person making it, because there was no layer above them holding a persistent copy of the resolution. Trust in identity was presented, not inherited. Each interaction re-derived whatever it needed and kept nothing it was not given.
This is what anonymity actually meant in the design, and it is a more precise thing than the word usually implies. It was never a guarantee of untraceability. Addresses were logged, sessions were correlated, and law enforcement could unwind a chain when it had cause. The property that mattered was narrower and more structural: the user held the decision to share identity, and the system treated non-disclosure as legitimate. Anonymity in this sense is control over the moment of disclosure. It is the position of the switch, not the invisibility of the person. The assumption was that this switch sat at the endpoint, in the hands of the party deciding, and that the network above it would function correctly whether the switch was on or off.
What changed is not attacker capability and not any failure of the people operating these systems. What changed is the validity of the assumption that disclosure is a decision held by the user. Age verification converts identity resolution from an optional attribute of a session into a precondition of access. The over-18 assertion cannot be manufactured without first resolving the identity behind it, so the act of disclosure is no longer chosen per interaction. It is mandatory, structural, and enforced at the point of entry. The switch that used to sit at the endpoint is removed from the endpoint. Non-disclosure stops being a valid state. A session without a resolved identity no longer completes.
And the resolution does not stay with the user. Control over identity moves to a third-party attestation provider, an identity verification vendor or a national wallet operator under eIDAS 2.0, which now holds the binding between the person and the attribute. The system did not re-evaluate its trust model when it added this layer. It inherited the old one. It continued to treat a resolved identity as a persistent, referenceable fact, exactly as it had always treated presented identity, except that now the identity is resolved once, upstream, and every subsequent yes is a reference back to that stored resolution. In practice the mobile driver’s license and the wallet credential are built to be reusable precisely so the resolution does not have to be repeated. The binding is designed to persist and to transfer. Those were the two properties the original model explicitly did not assume, and both are now assumed.
This is why the shift is structural and not an event. The decision to share identity did not disappear from the internet. It moved. It moved from the endpoint to the attestation layer, from a choice the user makes per interaction to a delegation the user makes once and cannot easily unmake. Anonymity understood as control over the decision to disclose ends here, not because identity is suddenly exposed to every site a person visits, but because the location of the control has changed. The switch is no longer in the user’s hand. It is held by the party that performs the resolution and retains the reference. The assumption that disclosure is a decision the user holds no longer holds. What remains is a decision the user delegated, resolved once, and referenced thereafter.
The relying party, the site or platform gating access, performs one kind of operation when the assertion arrives. It checks the token. It confirms that the token carrying the over-18 claim was signed by a party it has agreed to trust, that it is addressed to this relying party, that it has not expired and, where a nonce was issued, that it has not been replayed; if those checks pass, it grants access. Every one of them is a property of the token. None is a property of the person. The signed assertion under OpenID Connect, carried as a JWT under RFC 7519 or as a verifiable presentation, is accepted because of who signed it, not because of what it says. The identity of the source stands in for the integrity of the content. The relying party never independently establishes that the person at the socket is over 18. It establishes that a trusted attestation provider said so, once, and signed the saying.
This is reference replacing validation. Validation would mean the fact is re-derived at the moment of access: the document resolved, the attribute recomputed, the binding re-checked against the person present. That is not what happens, and it was never meant to. The wallet credential under eIDAS 2.0 and the mobile driver’s license under ISO/IEC 18013-5 are engineered so the resolution happens once and everything after it is a presentation of an already-resolved result. The relying party consumes a pointer. The attestation provider holds the thing the pointer points to. Between them sits a signature and a handful of claims about the token itself, and that is the whole of what gets checked.
Nothing here is a bypass. No control was defeated, no cryptography broken, no boundary crossed that was meant to hold. The system executed its specified behaviour exactly: present credential, verify signature, resolve decision, grant or deny. A bypass would be an easier condition to reason about, because a bypass implies a control that was functioning and then was not. This is the control functioning. The property worth naming is that the observable behaviour of the system, grant on valid signature, is identical whether the identity behind the assertion was resolved this second or six months ago and referenced ever since. From outside, the two are the same event. The system cannot distinguish them, because it was not built to. It was built to check the reference.
The pattern is execution on a reference to a prior decision in place of re-verification of the fact the decision was about. Once a resolution is signed and made referenceable, every downstream actor consumes the reference and treats it as equivalent to the fact. The signature travels. The verification does not. The system that acts on the reference is behaving correctly when it declines to reopen the question, because not reopening the question is precisely what the architecture was built to make possible.
The same structure runs underneath OAuth 2.0. A resource server presented with a bearer access token does not re-authenticate the user or re-confirm that the granted scope still reflects the user’s intent. It validates that the token was issued by an authorization server it trusts, and if so, it serves the request. The authorization decision was made once, at the authorization server, and the token is a reference back to that decision. Whoever holds a valid token holds the decision. The resource server executes on the reference. It does not revalidate the underlying grant, and it has no mechanism to, because the grant lives somewhere else; even token introspection under RFC 7662 only asks the authorization server whether the reference is still active, not whether the user still intends it. Identity of the issuer stands in for integrity of the claim. A decision resolved once is referenced thereafter. Possession of the reference is treated as equivalent to the fact it points to.
The age attestation and the bearer token are the same object wearing different labels. In both, trust is resolved at one point and consumed at many, and the correct behaviour of every consuming system is to accept the reference without reopening it. This is why the shift in age verification is structural rather than a matter of privacy exposure or breach risk. Those are downstream consequences. The structural fact underneath them is that a decision about identity has been resolved once, made persistent, made referenceable, and handed to a layer that will execute on the reference indefinitely without asking again.
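The two consumers described above, the age-gating relying party and the OAuth resource server, share one verification path, and the following added example (not code from the article or from any of the vendors or standards it names) makes that visible. It is a stdlib-only HS256 JWT issuer and verifier: the issuer's key, the issuer and audience URLs, the subject identifiers and the claim name `resolved_at` are all constructed for the example (`resolved_at` is hypothetical, not a standard claim; a real issuer would sign with an asymmetric key). The point it demonstrates is that a token referencing an identity resolved 180 days ago and one resolved this instant produce the same grant, while every denial the consumer can issue is about the token itself.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: shared HS256 key and the two parties' identifiers.
ISSUER_KEY = b"constructed-demo-key-do-not-reuse"
ISSUER = "https://attest.example"   # assumed attestation provider / authorization server
AUDIENCE = "https://site.example"   # assumed relying party / resource server
DAY = 86400


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """HS256 JWT per RFC 7519: b64url(header).b64url(payload).b64url(sig)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def issue_reference(resolution: dict, now: int, ttl: int, sub: str) -> str:
    """Provider side. 'resolution' is what the provider stored when it resolved the
    identity ('resolved_at' is a hypothetical claim marking when). Minting consults
    the store and signs; nothing about the person is re-checked."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": sub, "iat": now, "exp": now + ttl}
    claims.update(resolution)
    return sign_jwt(claims, ISSUER_KEY)


def verify_reference(token: str, key: bytes, now: int) -> dict:
    """Consumer side. Every check is a property of the token; none re-derives the fact."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed")
    h_b64, p_b64, s_b64 = parts
    if json.loads(_b64url_decode(h_b64)).get("alg") != "HS256":
        raise ValueError("bad_alg")  # refuse alg=none and algorithm confusion
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad_signature")
    claims = json.loads(_b64url_decode(p_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted_issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong_audience")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("expired")
    return claims


def age_gate(token: str, now: int) -> str:
    """Relying party gating on the over-18 attribute carried in the token."""
    try:
        claims = verify_reference(token, ISSUER_KEY, now)
    except ValueError as reason:
        return f"deny:{reason}"
    return "grant" if claims.get("over18") is True else "deny:not_over18"


def resource_server(token: str, now: int, needed_scope: str) -> str:
    """OAuth 2.0 resource server acting on a bearer access token's scope claim."""
    try:
        claims = verify_reference(token, ISSUER_KEY, now)
    except ValueError as reason:
        return f"deny:{reason}"
    return "serve" if needed_scope in claims.get("scope", "").split() else "deny:insufficient_scope"


def tamper(token: str, changes: dict) -> str:
    """Rewrite the payload but keep the original signature: what a holder without the key can do."""
    h_b64, p_b64, s_b64 = token.split(".")
    claims = json.loads(_b64url_decode(p_b64))
    claims.update(changes)
    return f"{h_b64}.{_b64url(json.dumps(claims, separators=(',', ':')).encode())}.{s_b64}"


def demo(now: int = 1_700_000_000) -> dict:
    fresh = issue_reference({"over18": True, "resolved_at": now}, now, DAY, "sub-1")
    stale = issue_reference({"over18": True, "resolved_at": now - 180 * DAY}, now, DAY, "sub-2")
    minor = issue_reference({"over18": False, "resolved_at": now}, now, DAY, "sub-3")
    bearer = issue_reference({"scope": "read:profile"}, now, DAY, "sub-1")
    foreign = sign_jwt({"iss": ISSUER, "aud": AUDIENCE, "over18": True, "exp": now + DAY}, b"other-key")
    return {
        "resolved_now": age_gate(fresh, now),
        "resolved_180_days_ago": age_gate(stale, now),  # same outcome: the RP cannot tell
        "minor": age_gate(minor, now),
        "minor_tampered": age_gate(tamper(minor, {"over18": True}), now),
        "expired": age_gate(fresh, now + 2 * DAY),
        "unknown_key": age_gate(foreign, now),
        "bearer_in_scope": resource_server(bearer, now, "read:profile"),
        "bearer_out_of_scope": resource_server(bearer, now, "write:profile"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24} {outcome}")
```

Read the denials: malformed, bad_alg, bad_signature, untrusted_issuer, wrong_audience, expired, insufficient_scope. Each is a statement about the token. The one claim the consumer cannot test, `resolved_at`, is the only one that says anything about when the person was actually looked at, and the consumer has no reason to read it.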
Anonymity, in the only sense the original architecture actually provided it, was the position of a switch the user held. The switch has not been turned off. It has been relocated to a layer that resolves identity once and answers every subsequent question by reference.
The internet did not lose the ability to carry an unidentified session. It gained a layer above the session that resolves identity before the session begins and retains the resolution. The decision to disclose still exists. It is no longer held by the person disclosing.
The system resolves identity once. It does not revalidate. The control exists. The outcome does not.