On-Device Age Checks: The Quiet Fix to a Loud Privacy Problem
New age verification laws are forcing websites to check how old you are. A newer approach keeps your face on your phone instead of shipping it to a server.

Key points
- Governments in the UK, EU, US and Australia are rolling out laws in 2024 and 2025 that force websites to check the age of their users.
- Most current age checks send a photo of your face or your ID to a third-party company, which then stores it.
- A newer method called on-device age estimation runs the check inside your phone or laptop, so the image never leaves the device.
- Identity vendor Incode is pushing this approach as a way to meet the laws without building fresh piles of sensitive data.
- Security teams still need to worry about the app itself, the model updates, and how the yes/no answer gets sent back.
Age verification is having a moment, and not a fun one.
Britain's Online Safety Act, the EU's Digital Services Act, several US state laws and Australia's under-16 social media ban all land on the same doorstep. If your site shows adult content, sells alcohol, or hosts a social feed, you now have to prove your users are old enough. In practice, that has meant asking people to upload a selfie or a driving licence to some third party they have never heard of.
That third party then stores it. Sometimes badly.
The failure mode here is depressingly familiar. A verification vendor gets breached, and suddenly a database of faces and government IDs is on a criminal forum. It happened to AU10TIX. It happened to a contractor used by Discord. First reported by BleepingComputer, the pattern is the same every time: the data was collected for a legal reason, kept for far longer than needed, and protected like an afterthought.
On-device age estimation is the alternative getting airtime this week, with identity vendor Incode publishing a writeup on how it works.
The pitch is simple. Instead of sending your face to a server, the software runs a small machine learning model, a program trained to guess age from facial features, directly on your phone or laptop. The camera sees you. The model estimates whether you look over 18, or over 25, or whatever threshold the site needs. The device sends back a single answer: yes or no. The image is deleted. Nothing lands in a vendor's cloud bucket.
For a nurse or a shop owner reading this, the practical difference is real. Today, verifying your age to watch a video or buy wine online often means handing a photo of your passport to a company you will never interact with again. Under the on-device model, you point your camera, wait a second, and get through. No selfie sitting on someone's Amazon S3 storage waiting to leak.
Is this actually safer, or just marketing?
Mostly safer, but not automatically. The privacy win is genuine: no central database of faces means no central database to steal. That alone removes the worst outcome of the current setup.
The things a post-mortem will still ask about, though, are the boring bits around the edges.
Who signed the model? If an attacker can swap in a tampered version, they can force it to answer "yes" for a child. How is the yes/no result sent back to the website, and can that be forged by someone who never opened the camera at all? Is the app doing what it claims, or quietly uploading frames for "quality assurance"? Regulators in the UK and EU are starting to ask exactly these questions, and "trust us, it runs locally" will not cut it for long.
There is also the accuracy problem. Age estimation models are known to perform worse on darker skin tones and on women, according to testing by the US National Institute of Standards and Technology. A 19-year-old wrongly told she looks 15 is a minor annoyance. At scale, it is a discrimination lawsuit.
For security and platform teams, the operational takeaway is short: if you are buying an age verification product in 2025, ask where the image lives, who signs the model, and what the audit trail looks like when it gets things wrong.



