Protecting Kids Without Breaking the Internet

By Mallory Knodel

Last month, a closed-door workshop on Age-Based Restrictions on Content Access was convened by the Internet Architecture Board (IAB) and World Wide Web Consortium (W3C) Technical Architecture Group. It brought together engineers, standards developers, civil society advocates, academics, and industry representatives to examine the growing wave of laws that require age verification or age assurance online. For example, the UK’s Online Safety Act which IX’s Editor-in-Chief Audrey analyzed and Heather Burns also critiqued. The goal of the workshop was not to pick a single solution but to build a shared understanding of the properties and trade-offs of different approaches.

The workshop was a grand opportunity to build consensus between major technology companies, telecom operators, browser vendors, academics, child safety advocates, and civil society groups focused on privacy and digital rights. Across sessions, there was broad agreement that this is a complex, global problem with no single technical or regulatory solution. At the same time, discussions were wide-ranging and reflected both the breadth of the topic and some genuine disagreements over scope and approach. So what should the global standards setters for the web and internet say about age verification?

A collection of papers submitted in advance of the workshop has been published, offering a glimpse into the breadth of perspectives represented. Other related background documents that have been circulated include the Knight Georgetown Institute submission to the EU, and a comprehensive deep dive by the Open Technology Institute on age verification approaches and their implications.

These contributions span legal and policy analyses, critiques of existing age-verification mandates, and technical proposals for different forms of age gating. Some explore privacy-preserving filtering at the network layer; others warn of the security, privacy, and human rights risks of large-scale age verification systems. What they share is a recognition that policymakers are moving quickly to impose age-gating obligations, often without fully understanding how the internet’s architecture works or the practical consequences of different technical choices.

Much of this amounts to several ways to hold up the problem and admire it from different angles. Conversations about network censorship have a similar pattern: Good to understand the technical means already deployed for protocol standards engineers who want to correct for it, adversarially, but also offer advice for how to do it in such a way so that you don’t break the internet.

To that end an outcome of the workshop was the need for an elaboration of neutral, solution-agnostic architectural specification that could help ground future debates. Rather than endorsing any single method of age verification or assurance, such a document could map out where in the internet stack age gating might occur, for example at the network, device, or service layer, and examine trade-offs around effectiveness, feasibility, privacy, and human rights. 

From the draft, “Our goal is to describe the technical difficulties in any age-gating mechanism such that it is effective and does not introduce security and privacy risks as well as contravene human rights. We also hope to show that age verification mechanisms are wholly technical solutions that are separate from, albeit often motivated by, the means of protecting young people online.”

Titled Age Verification Architecture, the document will outline a technology-neutral schema for how different intermediaries could restrict or permit access to content and services based on age, alongside analysis of security, privacy, and human rights considerations. While the draft won’t prescribe a single “solution” to the problem, it aims to offer a clear, structured framework to inform future technical, policy, and regulatory discussions. The document is open for feedback through issue creation or pull requests on GitHub.

Find us at MozFest

Social Web Foundation: MozFest Fringe Event

https://luma.com/9tyqx0sz
Friday 7 November, 14:45 CET
We have only six places left for the MozFest Fringe gathering and lunch we are hosting with the Social Web Foundation. It's for folks working on the social web in order to gather actions that can help us strategize and plan for the coming year.

Encryption and Feminism: Reimagining Child Safety Without Surveillance 

https://mzf.st/160
Saturday 8 November,13:30 CET
Our session about how encryption can safeguard vulnerable communities while upholding privacy and human rights with Chayn’s Hera Hussain, Superbloom’s Georgia Bullen, APC’s Diana Bichanga, Courage Everywhere’s Lucy Purdon, UNICEF’s Gerda Binder, and IX’s Mallory Knodel, Ramma Shahid Cheema and Audrey Hingle.

Unlearning Systems

https://mzf.st/74
Sunday 9 November, 4:00 CET
Seyi Akiwowo's mainstage session about unlearning dominant ways of knowing and organizing, specifically through the lens of Indigenous knowledge and alternative economic systems with Keoni Mahelona and Luísa Franco Machado. 

From The Feminist Communications Co-op

As you might have heard, IX has launched a feminist communications cooperative. We recently supported one of our first clients, Richard Reisman, in editing his latest article, now live on Bedrock Principle.

Need communication support?

This Week's Links

Open Social Web

• IX community member Chad Kohalyk at the IETF meeting about moving the AT Protocol into IETF. “There's a there there.” https://bsky.app/profile/chadkoh.com/post/3m4vhthbagc24  

Internet Governance

• The United Nations’ first global cybercrime treaty has opened for signature, but critics warn it’s a “surveillance pact in disguise” that could force countries to aid repressive regimes in criminalising journalists, activists, and dissent. https://www.techpolicy.press/next-steps-for-mitigating-harm-in-the-un-cybercrime-convention 
• Surveillance capitalism is not just an economic model but a geopolitical system argues IX contributor Burcu Kilic in a paper published by Harvard Kennedy School’s Carr Center. https://www.hks.harvard.edu/centers/carr-ryan/publications/geopolitics-surveillance-capitalism 
• The International Criminal Court will replace Microsoft Office with Open Desk, a German-developed open source software suite, as part of its shift toward a European open source work environment. https://www.euractiv.com/news/international-criminal-court-to-ditch-microsoft-office-for-european-open-source-alternative 
• Post from Low Entropy provides a detailed update on the development of AI Preferences, a proposed web standard to let site owners express how their content can be used by AI systems. https://lowentropy.net/posts/aipref-update 
• AI-generated deepfakes are capable of creating convincing fake “evidence.” What happens when an AI-generated video incriminates a Black suspect? That’s coming, and we’re completely unprepared, says Kali Holloway in The Nation. https://www.thenation.com/article/society/deepfake-ai-algorithm-racism 
• Luciana Ghiotto writes that policies once demanded by trade justice activists, such as critiques of NAFTA, opposition to the WTO, and tariffs to protect workers, have been adopted by figures like Donald Trump and reinterpreted to strengthen corporate and nationalist interests rather than social justice, showing that the anti-globalization movement must upgrade by leaving behind both the illusions of the free market and those of economic nationalism. https://www.tni.org/en/article/did-trump-steal-our-agenda-why-fighting-free-trade-isnt-enough-anymore 
• Public perception around the impacts of data centres has changed, and Europeans are demanding government policy to protect them and their communities. https://www.thegreenwebfoundation.org/news/europeans-agree-time-to-put-limits-on-big-tech-data-centres 
• Watch the recording of IX’s Mallory Knodel discussing how international AI standards can safeguard human rights with experts from Google, the IEC, and the Council of Europe. https://www.iec.ch/academy/webinars/deepening-understanding-human-rights-and-standards 

Digital Rights

• Keep Android Open is organizing to oppose Google’s new developer registration and verification policy, announced in August 2025, which will require all Android developers to register centrally with Google before creating or distributing apps. https://keepandroidopen.org 
  • Related, F-Droid warns the new Google Developer Program threatens user autonomy, developer freedom, and digital sovereignty, undermining Android’s long-held reputation as an open platform. https://f-droid.org/en/2025/10/28/sideloading.html 
• Researchers from Cloudflare, University of Michigan, EPFL and University of Maryland find internet middleboxes are being weaponised for censorship and surveillance worldwide, mapping a hidden layer of interference across the global web. https://www.cs.umd.edu/~dml/papers/tampering_sigcomm23.pdf 

Technology for Society

• IX contributor Konstantinos Komaitis explores how the internet, once the ultimate symbol of globalization and openness, has evolved into a fragmented, politically charged system defined by national interests. But a third act is still possible, one of balance, where connection and sovereignty coexist. https://www.komaitis.org/write-share-ignite/internet-realities-globalization-fragmentation-and-the-future-of-a-connected-world 
• ROOST and OpenAI have jointly released gpt-oss-safeguard, an open-source AI moderation model designed to address complex online harms such as self-harm content. https://roost.tools/blog/a-new-milestone-for-open-source-safety-infrastructure-and-transparency 
• How are patriarchy, colonialism, and gendered violence evolving in today’s Africa? Feminist Africa’s latest issue revisits these power dynamics for a new era. https://feministafrica.net/2025/10/29/feminist-africa-2025-volume-6-issue-1-violence-gender-power-1 

Privacy and Security

• Republicans are pushing to eliminate differential privacy, the algorithm that adds “noise” to census data to keep individuals anonymous, a move experts warn could expose personal information. https://www.wired.com/story/republicans-differential-privacy-census-overhaul 
• A cross-border investigation from Mother Jones exposes First Wap, a secretive surveillance vendor whose system Altamides covertly tracks phones worldwide by abusing legacy SS7 telecom signalling. https://www.motherjones.com/politics/2025/10/firstwap-altamides-phone-tracking-surveillance-secrets-assad-erik-prince-jared-leto-anne-wojcicki 
• Phoenix R&D has introduced DMLS, a fork-resilient version of the Messaging Layer Security (MLS) protocol that strengthens forward secrecy in decentralized messaging systems where no central server exists to manage group key updates. https://blog.phnx.im/making-mls-more-decentralized 

Upcoming Events

• Join Freedom House for the launch of Freedom on the Net 2025: An Uncertain Future for the Global Internet. November 13, 10am EST. https://freedomhouse.org/event/report-launch-freedom-net-2025 

Careers and Funding Opportunities

• Want to up your funding game? Funders on Fundraising is a podcast series of candid interviews with funders—not just about their portfolios or program strategies, but about how fundraising actually works. https://intangible.ca/2025/10/27/launching-the-podcast 
• The Center for Security and Emerging Technology: Research Fellow or Senior Fellow. Washington, DC. https://cset.georgetown.edu/job/research-or-senior-fellow-frontier-ai 
• Knight-Georgetown Institute (KGI): Senior Technologist. Apply by November 10. Washington, DC. https://kgi.georgetown.edu/senior-technologist 
• The Berkman Klein Center for Internet & Society at Harvard University: Call for Fellows. Apply by December 5. Boston, MA. https://cyber.harvard.edu/page/open-call-fellowship-applications-2026-and-2026-2027 
• IAPP:  Westin Research Privacy & AI Governance Fellows. Hybrid, Portsmouth, NH. https://recruiting.ultipro.com/INT1087IAPP/JobBoard/2db18b8e-4f9b-4832-830c-dc5f1c5041ae/OpportunityDetail?opportunityId=6fc940a5-a292-4dff-99df-e84c80270c70 
• Mozilla: Sr. Counsel - Privacy. Remote US. https://job-boards.greenhouse.io/mozilla/jobs/7295305?gh_src=6eba76201us 
• AI Accountability Lab: Post-Doctoral Researcher, generative AI in public services. Apply by December 2. Dublin, IE. https://aial.ie/hiring/postdoc-genai-public-service 
• Sovereign Tech Agency:  Digital Commons EDIC Director (f/m/x). Apply by December 1. Paris, FR. https://www.sovereign.tech/jobs/digital-commons-edic-director 
• Microsoft: Government Affairs Director. Nairobi City, KE. https://jobs.careers.microsoft.com/global/en/job/1898550/Government-Affairs-Director 
• UNFPA: Consultancy –Global GBV Case Management Curriculum Consultant, Programme Division, UNFPA. Apply by November 15. Remote. https://www.unfpa.org/jobs/consultancy-%E2%80%93global-gbv-case-management-curriculum-consultant-programme-division-unfpa 

Opportunities to Get Involved

•  FOSDEM 2026 – Social Web Devroom – Call For Participation. FOSDEM is an exciting free and open source software event in Brussels, Belgium that brings together thousands of enthusiasts from around the world. The event spans the weekend of January 31 to February 1, 2026 and features discussion tracks (“devrooms”) for scores of different technology topics. Submission Deadline: December 1. https://socialwebfoundation.org/2025/10/31/fosdem-2026-social-web-devroom-call-for-participation 

What did we miss? Please send us a reply or write to editor@exchangepoint.tech.