← Back to Library

Spying on kids to save kids from spying is very, very stupid

Cory Doctorow · Pluralistic · ·10 min read
Commentary by Hex Index staff

Cory Doctorow delivers a blistering critique of a policy that sounds protective but functions as a surveillance trap: mandatory age verification for internet access. He argues that this well-intentioned coalition of anti-Big Tech activists and culture warriors is inadvertently handing the very tech giants they oppose the ultimate tool for mass data collection. The piece is notable not just for its technical depth, but for exposing how a 'solution' to online harms actually cements the surveillance infrastructure causing those harms in the first place.

## The Surveillance Trap Doctorow dismantles the premise that age verification is a privacy-preserving measure. He writes, "What we call 'age verification' is actually mass surveillance, so invasive and pervasive that it makes the ad-tech industry's commercial surveillance look like some kind of cypherpunk darknet pirate utopia." This framing is crucial because it shifts the debate from moral panic to structural reality. By forcing users to submit government-issued IDs or biometric data to access basic services, these laws create a centralized database that could be exploited far beyond its original intent.

Spying on kids to save kids from spying is very, very stupid

The author points out the cynical alignment of interests here. Tech companies, often portrayed as the villain in this narrative, are secretly backing these measures because they know it will make their existing tracking models mandatory and unescapable. As Doctorow puts it, "Age verification means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities." This is a nightmare scenario for privacy advocates disguised as child safety legislation.

Age verification is the surveillance advertising industry's fondest dream, a world where it's literally illegal to avoid their tracking, all in the name of saving kids from them!

Critics might argue that some form of identity proofing is necessary to keep minors off adult platforms. However, Doctorow counters that the technical implementation required—biometric scanning or ID uploads—is disproportionately invasive compared to the actual risk, effectively punishing every user for the potential actions of a few.

## The Historical Precedent and the Great Firewall Doctorow traces this pattern back to previous attempts at internet control, noting that tech insiders are fully aware of the inevitable escalation. He writes, "Those tech industry insiders are fully aware that an 'age verification' mandate is really a way for the government to teach every child how to use a VPN." This echoes the trajectory seen in the United Kingdom's age verification laws and the broader global trend toward state-controlled internet access, reminiscent of the Great Firewall. In those contexts, the initial justification was often safety or copyright, but the result was a hardened infrastructure of control that made circumvention tools like VPNs criminal targets.

The argument gains weight when looking at the specific mechanisms proposed by regulators. Doctorow mocks the reliance on facial estimation technology, stating, "Behind them is a long line of caliper-wielding grifters who claim they can use your phone's camera to distinguish a child who is 17 years, 364 days old from an adult who's just turned 18." This highlights the absurdity of trusting flawed algorithms with high-stakes access decisions. The technology simply isn't there, yet it forms the backbone of proposed legislation.

## The Root Cause: Commercial Spying Perhaps the most incisive part of Doctorow's commentary is his insistence that we cannot solve online harms without addressing the root cause: commercial surveillance. He argues, "Your kids can't be targeted by algorithms without the surveillance data that's being used to target them." This reframes the entire conversation. Instead of adding a new layer of monitoring (age verification) on top of existing monitoring (tracking), the solution should be to dismantle the tracking itself.

He draws a sharp line between the current political climate and historical privacy failures, noting that "America hasn't updated its consumer privacy laws since 1988." While the European Union has the General Data Protection Regulation (GDPR), Doctorow points out its limitations when enforcement is funneled through tax havens like Ireland. He writes, "Ireland, the country where all GDPR cases against Big Tech go to die, because any tax haven inevitably becomes a crime haven." This institutional weakness allows US tech giants to operate with impunity, fusing their interests with executive power in ways that threaten global digital sovereignty.

You can't protect kids from online surveillance by spying on them. You just can't.

The stakes are raised significantly when Doctorow connects this data collection to future abuses beyond advertising. He warns that "the same data that's being used to 'verify age' today will be used by ICE tomorrow to figure out who to round up for a concentration camp." While the language is stark, it reflects real concerns about how centralized identity databases are repurposed by enforcement agencies. The convergence of commercial data brokers and state surveillance creates a feedback loop where privacy becomes impossible.

## Bottom Line Doctorow's argument is strongest in its ability to expose the paradoxical nature of age verification laws: they promise safety while delivering total exposure. His biggest vulnerability lies in the political difficulty of advocating for 'privacy first' when public anxiety about online harms is so high; he must convince a fearful public that less surveillance, not more, is the answer. The reader should watch for how these proposed laws evolve as privacy advocates attempt to block them with constitutional challenges.

You can't protect kids from online surveillance by spying on them. You just can't.

Deep Dives

Explore these related deep dives:

  • The Age of Surveillance Capitalism Amazon · Better World Books by Shoshana Zuboff

    How tech companies turned human experience into raw material for prediction and control.

  • Online age verification in the United Kingdom

    The article critiques the UK's Online Safety Act as a blueprint for mass surveillance, and this topic details the specific technical mandates that forced the government to abandon facial recognition requirements due to privacy concerns.

  • Sridhar Tayur

    The author mocks 'caliper-wielding grifters' claiming cameras can distinguish ages, and this topic covers the specific academic work that demonstrated why biometric age estimation is scientifically unreliable and prone to dangerous errors.

  • Great Firewall

    The article warns that banning VPNs is the inevitable next step after age verification mandates, and this topic provides a concrete historical case study of how state-mandated internet filtering evolves into total surveillance and access control.

Sources

Spying on kids to save kids from spying is very, very stupid

by Cory Doctorow · Pluralistic · Read full article

Today's links.

Spying on kids to save kids from spying is very, very stupid: First they came for the VPNs. Hey look at this: Delights to delectate. Object permanence: RIP Darwin's tortoise; ISPs conspire to create copyright jail; Waxy v fair use; Broken Windows is BS; Google is a machine-learning company; "Writing the Other"; Canadian wealth-tax. Upcoming appearances: Toronto, NYC, Philadelphia, Chicago, London, Edinburgh, Sydney, Melbourne, Brighton, London, South Bend. Recent appearances: Where I've been. Latest books: You keep readin' em, I'll keep writin' 'em. Upcoming books: Like I said, I'll keep writin' 'em. Colophon: All the rest.

Spying on kids to save kids from spying is very, very stupid (permalink).

The literature on harms to kids from online platforms is complex and nuanced, rife with people citing small, ambiguous studies as iron-clad evidence that kids are being destroyed by the internet:

https://www.youtube.com/watch?v=Ype6c6DdHQY

It's a weird coalition of anti-Big Tech campaigners (who are rightly angry at the platforms' callous disregard for user welfare) and Heritage Foundation-backed culture warriors (who think that if their kids aren't exposed to LGBTQ content they won't come out as queer). While there's plenty these groups disagree about, they share one consensus: there should be a "minimum age" for certain kinds of internet use.

The problem is, there's no such thing as "age verification" for the internet. What we call "age verification" is actually mass surveillance, so invasive and pervasive that it makes the ad-tech industry's commercial surveillance look like some kind of cypherpunk darknet pirate utopia:

https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers

"Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities. This nightmare is the surveillance advertising industry's fondest dream, a world where it's literally illegal to avoid their tracking, all in the name of saving kids…from them!

So it's not just a weird alliance of anti-Big Tech crusaders and the conspiratorial right that's pushing for age verification – they are unwitting allies of the very tech industry they think they're fighting. Those tech industry insiders are fully aware that an "age verification" mandate is really a way for the government to teach every child how to use a VPN. They're also fully aware that the next move is to ban VPNs:

https://www.express.co.uk/news/uk/2217934/vpn-ban-table-july-labour

Tech bosses are the ones sitting on our shoulders saying, "Go ahead, swallow that fly – it'll be fine. And if you do ...