Digital Rights Digest | Dec 1-7
Age verification is surveillance infrastructure in disguise
On Our Radar 🎯
Missouri's Age Verification Law Is Surveillance Infrastructure Disguised as Child Safety
On November 30th, Missouri became the latest US state to enforce mandatory age verification for any website with more than 33% "adult content." The result? VPN searches spiked 4x overnight, major adult sites blocked the entire state rather than collect IDs, and reports are already rolling in that the law is age-gating far more than intended. This also marks the 25th state in the USA to pass age verification laws.
The law requires platforms to verify age using government IDs, digital identity systems, or "transactional data"—with fines up to $10,000/day for non-compliance. It even mandates that Apple and Google build age verification tools into their operating systems. The problem? Those systems don't exist yet, and even if they did, they'd create a massive risk of sensitive identity data tied to your browsing habits.
Missouri claims websites must "use reasonable methods" to secure data and not retain identifying information, but we've seen this play out before. In the UK, Discord's third-party age verification service was hacked, leaking over 70,000 government ID photos. There's no reason to believe Missouri's patchwork of compliance methods will be any more secure.
And here's the broader concern: This is a "copy-paste" law. Nearly identical bills are passing state-by-state, building a national infrastructure where proving your identity to access legal content becomes normalized. Today it's adult sites. Tomorrow it's social media, encrypted messaging, VPNs, or anything deemed "harmful."
We also don't have any evidence this works. The people this law claims to protect—minors—will just use VPNs, Tor, or offshore sites with zero protections. Meanwhile, adults are forced into a surveillance system that exposes their identity, browsing habits, and preferences to data breaches, government requests, and corporate profiling.
What you can do: If you live in Missouri (or any state with similar laws), use a reputable VPN to protect your privacy. Avoid sketchy "free VPN" apps flooding search results. And if you care about pushing back on these laws, support organizations like EFF and the Internet Society fighting age verification mandates in court. And don't forget to contact your representatives!
Bits & Bytes 🤖
~ India pulls mandate to preinstall government app on smartphones
After intense backlash, the Indian government has withdrawn its plan to mandate preinstalled government safety apps on all smartphones. The app would have requested nearly every possible phone permission. While the mandate has been partially rolled back, the situation continues to develop.
Our take: This was surveillance disguised as safety. The fact that they attempted it at all shows the playbook: normalize invasive government software under the guise of protection, hope no one notices the permissions. Fortunately, they backed down, but this is still unfolding.
~ EU's Chat Control Still Has Glaring Problems
After much back & forth, the mandatory scanning of Chat Control seems mostly beat, but there are many lingering problems covered by Patrick Breyer. The new propositions can still enable scanning and do nothing to combat age verification requirements.
Our take: Following Chat Control is a complete mess for us. It's a mix of live updates from Mastodon, waiting for something more formal from Patrick Breyer, and then seeing how long those updates are still relevant. From where I'm standing, Chat Control should still be fought as hard as it was. Its current state is still a huge hit to digital freedom.
~ Your Fecal Scanning Toilet Camera Doesn't Actually Have E2EE
A researcher decided to investigate if the 'end to end encryption' claims of Kohler, a fecal health tech company, was actually legitimate. They discovered that while they implement encryption at risk and in transit (HTTPS) — they do not integrate true end to end encryption, which would otherwise prevent them from accessing user data.
Our take: The craziest part of this story (besides the whole scanning poop thing) is that this isn't the first time a company has confused HTTPS with 'end to end encryption' — Zoom did the same thing back in 2021 where they misled people into thinking they were getting E2EE.
This Week on Techlore 📺
We covered Missouri's age verification and what it means for the rest of the US in a video outlining the repercussions of these laws:
Henry Fisher
This week's Surveillance Report was a deep dive on many of the stories shared in this digest:
Henry Fisher
Action Item ✅
Contact your representatives! Age verification laws are being proposed globally—from the US, to Canada, to the EU, to Australia, and more. Familiarize yourself with all of your representatives, and take 10 minutes to communicate your concerns with these laws being proposed.
Digital Rights Digest—threats to your freedom and how to fight back. A five-minute weekly read, 100% free.
