Proton CEO warns global age verification push will mean "the death of anonymity online"

News
By published

Protecting children online is crucial, but forcing every user to hand over their ID is a privacy nightmare waiting to happen, according to the head of the Swiss privacy firm

Proton CEO and founder Andy Yen poses next to the Proton logo at the headquarters of the encrypted email and VPN services company in Geneva.
(Image credit: Photo by FABRICE COFFRINI/AFP via Getty Images)
  • Proton CEO warns that age verification will kill online anonymity
  • Centralized databases of user IDs are already proving to be prime targets
  • To be secure, age checks must be open-source, on-device, and encrypted

The global rush to implement mandatory age checks across the internet is sleepwalking us into a surveillance nightmare. That's the stark warning from Andy Yen, the founder and CEO of Proton, the company behind one of the best VPN services and encrypted email platforms on the market.

As lawmakers in dozens of countries and nearly half of all US states scramble to regulate online spaces, Yen argues that the current approach to age verification is fundamentally flawed. He warns that while the desire to protect children is sincere, the execution is paving the way for unprecedented data collection.

"Age verification as is currently being proposed in country after country would mean the death of anonymity online," Yen states, cautioning that we "simply can’t afford to get this wrong."

The debate has already reshaped the digital landscape. With age verification changing the internet in 2025, privacy advocates have repeatedly flagged the dangers of forcing users to hand over passports, government IDs, or biometric data just to browse the web.

Now, Yen is joining the chorus of scientists calling for a halt to mandatory age verification.

When data gets collected, it eventually gets out

A phone showing the Discord app and logo

(Image credit: Getty Images)

The core of Proton's argument is that stockpiling sensitive identity documents creates an irresistible target for cybercriminals. Yen points to recent breaches as proof that third-party verification companies cannot guarantee data security.

Last October, the gaming chat platform Discord admitted that hackers accessed the records of more than 70,000 users, including photos of government IDs, held by a third-party vendor hired to enforce age checks.

Governments aren't faring any better. When the European Union launched an age-checking app, hackers claimed to have broken it in just two minutes.

"The more sensitive data you stockpile in privately held databases, the bigger a target it becomes for criminals," Yen explains.

A power grab by Big Tech

Rather than solving the issue, Yen suggests that the tech giants responsible for the internet's current privacy woes are cynically exploiting parental fears.

Meta, for example, has heavily lobbied for age verification to shift the regulatory burden away from its own platforms, allowing it to keep targeting adults with what Yen calls "toxic products."

The more sensitive data you stockpile in privately held databases, the bigger a target it becomes

Andy Yen, Proton's Founder and CEO

There are growing calls for operating system developers like Apple and Google to enforce device-level blocks. Indeed, Apple recently rolled out age verification in the UK, prompting significant backlash from privacy advocates.

Yen warns that giving Big Tech the power to track and block users based on age is a slippery slope.

"Once you’re using these collected IDs to block access based on age, it’s a short leap to blocking access based on nationality or other factors as well," he notes, highlighting the risk to whistle-blowers and democratic accountability if true anonymity disappears.

Is there a safe way to do it?

Proton argues that tech companies should focus their design firepower on improving parental controls, putting the authority to protect children firmly back in the hands of parents rather than centralized corporate gatekeepers.

However, if society decides that a narrowly drawn age verification system is inevitable, Yen says it must follow strict privacy-by-design principles. Checks must be conducted entirely on the user's device, relying on facial scans that are "instantly discarded once processed," rather than uploaded ID cards.

Crucially, Yen insists that the resulting binary answer of whether a user is of age must be "fully anonymized, divorced from any identifying information, and transmitted entirely under end-to-end encryption." Furthermore, the underlying code must be open-source to ensure public trust.

Ultimately, Proton's stance is that the safest data is the data that doesn't exist. "The only way to guarantee that age-verification data will not be stolen, shared, or abused is to not collect it at all," said Yen.

Beyond age verification, though, Yen believes that what's more pressing is "tackle the real root cause" of online harm. And that is, Yen explains, the advertising- and attention-based business model that pushes companies to track and keep both adults and kids hooked to their products.

He said: "Given all the online threats out there, the desire to 'do something' to protect kids is understandable, even laudable. But with age verification, we’re at risk of locking in and reinforcing all the worst aspects of the internet. And the end of the road for all these good intentions is a hellish place indeed."

CATEGORIES
Rene Millman
Rene Millman
Contributing Writer

Rene Millman is a seasoned technology journalist whose work has appeared in The Guardian, the Financial Times, Computer Weekly, and IT Pro. With over two decades of experience as a reporter and editor, he specializes in making complex topics like cybersecurity, VPNs, and enterprise software accessible and engaging.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.