contra pornhub on age verification
calls for "device-based verification" are opportunistic and bad
I’m consistently impressed by the adult industry’s advocacy for digital privacy and free speech. The FSC does great work while the ACLU struggles with infighting. Sex worker collectives publish comprehensive guides to Internet legislation. Pro-dommes understand the landscape of payment processors better than tech startups. And that’s why I’m surprised to see some adult performers supporting Pornhub’s parent company Aylo (neé MindGeek) as it pushes an obviously terrible and self-serving plan for age verification.
In case you missed it—many US states are debating bills which mandate age verification for adult content, and eight states have already passed them. In these states, websites hosting material “harmful to minors” must force users to upload identifying documents to prove they are of legal age. Aylo has voiced disagreement (while still complying) with these laws by blocking IP addresses from states with age verification requirements. This is a reasonable response, and could be effective free speech advocacy. However, Aylo instead uses these pullout announcements to promote their preferred alternative, device-based age verification:
When an adult wants to access apps or websites intended for adults, they can age-verify their user account, such as an Apple ID, Google or Microsoft account, directly through their device. The age verification is simply added into the account process, asking the user to prove their age once. […] With device-level age verification, adults’ online experience would largely be unchanged. The websites simply grant them access with no barriers because age verification has already taken place.
The case for device-based verification is simple, says Aylo:
Without a uniform approach, adult material on thousands of sites that do not moderate content and contain harmful content will remain widely available to minors. Focusing on a handful of sites at a time does not solve the problem. Age verification on devices should be easy to use, secure and enforced equitably across all platforms offering adult content.
Or: You wouldn’t trust xvideos with your driver’s license, but, y’know, it’s probably fine if Apple has it.
What’s disappointing is the framework underlying Aylo’s argument—it’s a harm-minimization approach to age verification. From a digital privacy perspective, platform-based verification vs device-based verification is a false choice—both solutions are nightmarish and we should oppose them unequivocally.
Aylo is correct to point out that platform-based verification is unsustainable for cybersecurity reasons. Most adult sites don’t have the budget or ability to securely store users’ personal information—managing sensitive user data properly is really expensive. If they tried, we would have a spicy new data breach every other week.
But device-based verification is even worse—it expands digital surveillance and gives large tech companies a new tool for regulatory capture. The real beneficiaries of a legal mandate to put identity verification on-device would be Google, Apple, and Microsoft—it expands their moat by making it more expensive to enter into the device market. Once these companies become identity verification providers, they would scramble for market share by integrating their systems into as many sites/platforms as possible, and expand verification requirements to other types of content. Aylo admits this is on the horizon:
It goes without saying that adult content and platforms are not the only things children should be protected from accessing online.
(Hmm, what other types of content are we talking about here? It’s a total mystery.)
In the long term, device-based identity verification would be directly integrated into hardware, making it difficult to circumvent. (There’s also the problem of shared/public devices—presumably they cannot access restricted content at all.) It could even open the door to legalizing unlimited surveillance of Internet traffic, where devices must ping a government-run identity system for age verification and also (naturally) provide metadata about the content being accessed. Like previous proposals, these arrangements pose an enormous cybersecurity risk in addition to creating a chilling effect online.
Of course, most adult sites would be unable to operate under these regimes, and this is the real purpose of age verification legislation. When it’s no longer cost-effective for adult sites to legally operate in states with age-verification laws, most will simply shut off service as Aylo has done. Conservative lawmakers may act surprised when Pornhub pulls out of their state, but in fact the anti-porn lobby is thrilled with this outcome—they don’t want effective age verification, they want to raise the cost of serving adult content in order to stamp it out. If adult sites could survive under a device verification regime, there’s no reason to believe policymakers would accept it!
I’m forced to conclude Aylo supports device-based verification because they care about their new image as the one socially responsible adult content site, and therefore have to pay lip service to ‘protecting the children.’ It’s unclear whether Aylo really believes device-based verification should be implemented, or if they’re just blowing hot air to look like the adults in the room. I suspect they’re at least hedging their bets, because device-based verification is a solution which imposes huge social and financial costs on everyone except Aylo. It’s just, y’know, a little too convenient.
I wish Aylo would instead support organizations like the FSC which fight age verification laws on 1st Amendment grounds, without proposing privacy-eroding alternatives. A solution which decimates the open Internet is no solution at all.