A recent study has raised significant concerns about the data privacy practices of Yoti, a prominent British age verification service that serves over half of the global market. The research indicates that Yoti may be secretly collecting and sharing users’ biometric data and device fingerprints with third parties.
Yoti, based in London, provides age verification for approximately 60% of websites worldwide, including major clients like Meta, TikTok, OnlyFans, and Sony PlayStation. Many U.S. states mandate that websites implement such tools, relying on assurances from developers that user data will remain confidential.
However, the findings suggest a stark contrast between the promised privacy and actual practices. Researchers likened the digital verification process to a bartender checking IDs, stating, “While a real bartender merely checks the birth date, a digital one secretly makes a copy of your ID and sends it to product suppliers, banks, and other third parties.”
Each time users attempt to verify their age, the service reportedly transmits sensitive information to various stakeholders, including:
- Real photographs of users’ faces;
- IP addresses and precise geolocation data;
- Unique device fingerprints that allow for easy tracking online.
This information is subsequently accessed by credit organizations, marketing firms, and data brokers to create detailed advertising profiles.
The situation is further complicated by the fact that, despite serious privacy risks for adult users, the systems designed to protect minors are ineffective. The study found that many sites subject to stringent age restriction laws often ignore these regulations and do not enforce real verification processes.
Conversely, some platforms are beginning to require facial scans or document verification even in regions without any legal age restrictions. Content platform owners may adopt these measures voluntarily, either to mitigate potential legal challenges or to streamline their site’s technical operations nationwide. This trend jeopardizes the anonymity of individuals who, by law, should remain private.
Beyond personal data leaks, researchers warn of a phenomenon they describe as the “balkanization” of the internet. As different regions or states implement their own stringent censorship and verification rules, the once-open internet is fragmenting into isolated segments.
The study notes that users have already adapted to the internet functioning differently across various countries due to governmental policies. However, a similar internal fragmentation is now emerging within individual nations.
This shift can lead to scenarios where a person closing their laptop in one city and reopening it after a flight to another may encounter entirely different search results and lose access to familiar informational resources. Researchers argue that this trend poses a serious threat to the free exchange of ideas and information globally.
A study has uncovered troubling data privacy practices by Yoti, a leading age verification service. The findings reveal that the company may be sharing sensitive user information with third parties, raising concerns about the effectiveness of current regulations designed to protect user privacy, especially for minors.