Leading age assurance suppliers deny an Australian teenager’s claim that she bypassed biometric checks with a photo of her mother
Reports suggesting the defeat of facial age estimation technology may be premature, according to leading industry experts who have challenged claims that simple image spoofing is sufficient to bypass modern age verification systems used by major social media platforms.
The controversy was sparked by a BBC report detailing the account of Isobel, a 13-year-old Australian, who claimed she successfully fooled Snapchat’s age estimation system using a static photograph of her mother. She suggested other simple image tricks could work, leading her to dismiss Australia’s planned social media restrictions as unworkable.
However, the technology companies involved quickly pushed back. k-ID, one of Snapchat’s age assurance suppliers, stated that Isobel’s account is “extremely improbable.” The firm’s presentation attack detection (PAD) technology, which meets stringent ISO/IEC 30107 standards, is designed to spot still images and deepfake attempts.
Robin Tombs, CEO of Yoti, emphasized that PAD tests against international standards start with photo attacks, and certification requires the technology to detect 100% of such basic attacks. A core flaw in age verification systems—such as the one that led to a growing fine for the UK’s AVS Group—is precisely the lack of biometric liveness detection.
Deepak Tewari, CEO of Privately (which provides the age estimation capability for k-ID), confirmed their system utilizes both active and passive liveness checks, making a bypass with a simple photo highly unlikely.
While another Australian 15-year-old reportedly passed a check on Snapchat, Tombs noted that the industry standard is to make “reasonable efforts, but not 100% perfection,” to delay access until an individual is 16 or older. This means a small margin of error allowing older teens to pass is often built into the regulatory framework.
Separately, claims that UK children are flocking to Virtual Private Networks (VPNs) to evade restrictions under the new Online Safety Act (OSA) appear to be greatly exaggerated, according to new research.
A significant rise in overall VPN use was noted earlier this year, with many observers attributing the spike directly to children attempting to circumvent the OSA’s restrictions.
However, a November survey of UK children and parents by Childnet found that the increase “is not attributable to children.” The adoption of VPNs by children has remained fairly consistent over the past year. Only 2 per cent more children reported using VPNs in the three months immediately following the OSA’s implementation compared to the year before.
While a minority of children use VPNs to view age-inappropriate content or bypass parental controls, the primary reasons cited by the survey respondents were to protect online privacy or access geographically restricted content. Will Gardener, CEO of Childnet, noted that independent reports using different methodologies have drawn similar conclusions, suggesting the mass digital evasion theory is unsupported by the evidence.
