UK porn site age restrictions could lead to a data breach

6 Mar 2018

Will the new age restrictions work? Image: Soifer/Shutterstock

A controversial change in how people in the UK access online pornography puts users at risk, say privacy experts.

MindGeek is the parent company of Pornhub, as well as a plethora other popular online pornography repositories.

It has recently revealed its plans for AgeID, an age verification system that may become a major gatekeeping tool for pornography sites accessed within the UK, but some online privacy experts have reservations.

Pornography viewers will need to verify age

AgeID will verify if a user is over the age of 18 using an encrypted login, which means that the user will not have to verify their age every single time they want to view content. From April 2018, visitors to porn sites in the UK will need to prove they are over 18 to access adult content.

Part of the UK government’s Digital Economy Act, the regulation is intended to protect children from explicit content and make it more difficult for them to access it.

MindGeek’s AgeID tool has been in use in Germany since 2015 and the company said the feature will be made commercially available to all porn sites accessible within the UK. AgeID will be supplied free of charge to independent UK pornography studios, producers and content creators.

AgeID spokesperson James Clark told the BBC that there were a number of methods people could use to verify their age, from credit card information and text messages to passports.

Clark also said the tool would not store any of the data used to authenticate users. “We have created a tool to comply with the impending UK legislation, which both protects children from stumbling across adult content, and enables those of legal age to securely and privately access adult websites through a one-time verification process.”

The tool only works for those who go directly to porn sites as opposed to pornographic content disseminated on social media or through search engines, but parental controls can block content from these avenues.

Online privacy concerns from digital rights group

Digital rights organisation Open Rights Group said that although MindGeek said it would not hold or store data, it was not clear who would. The organisation also raised concerns about the nature of the data disclosed by signing in, such as sexual preference.

The group’s legal director, Myles Jackman, said: “If the age verification process continues in its current fashion, it’s a once-in-a-lifetime treasure trove of private information. If it gets hacked, can British citizens ever trust the government again with their data?”

Jackman also said that the AgeID feature would see more people using VPNs or Tor to access content without handing over their private information for verification purposes.

As Gizmodo UK pointed out, MindGeek’s privacy policy allows for the collection and analysis of user data in order to sell better advertisements. Smaller internet service providers may struggle to finance systems to implement and block websites that don’t comply with the age policy, and a government report also noted that bad actors could create dodgy verification gateways to steal users’ credit card details.

Making the internet a safer place for children

The British Board of Film Classification is the regulator tasked with implementing these age verification rules. Its CEO, David Austin, said: “This is not about stopping adults from watching pornography that is legal; it is about making the internet a safer place for children.

“There are a range of methods for verifying whether someone is 18 or over, and we expect to see a number of solutions offered by providers to give people different ways to verify their age.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects