The initiative, which has kept a low profile until recently, has scored two major victories. Originally, Meta announced in December that it would be rolling out age switches on Instagram this year. The Free Speech Coalition, a nonprofit trade association for the adult entertainment industry, has also endorsed age keys as a privacy-preserving method for accessing pornographic material without compromising identity or security.
While Privately partners with k-ID in age verification for social and gaming platforms, Privately has not joined the OpenAge Initiative. However, other leading age verification providers have also jumped in, including Incode, Persona, Socure and Veratad, as well as platform owners such as Meta and game developers such as Konami.
Luc Delaney, K-ID’s corporate affairs officer, told Ars that age keys are stored in a password manager and are based on FIDO passkey technology, which is “as secure as the login I use for my bank.”
For users accustomed to saving passwords, allowing an age key to be stored on their device might seem natural, especially since it doesn’t require opening an account or sharing an email address. Julian Corbett, head of the OpenAge Initiative and co-founder of k-ID, told Ars that some platforms have seen greater adoption of the technology than expected. On one platform that recently launched age keys, for example, about 80 percent of users chose to keep them, he said.
Age switches for platforms can be a cost-effective solution. Since the only cost of the OpenAge Initiative is an encrypted handshake when an age signal is shared, platforms “can do a million age checks using age keys for $3,000,” Delaney said.
Participating platforms may set limits on which age verification types are accepted and how soon age verification can be completed. Any wet keys without valid signals will be rejected.
The OpenAge Initiative website provides more information detailsincluding developer guidelines explains how its double-blind system is designed to protect privacy. In fact, when someone uses an age key, the age verification service provider requests access to the platform without knowing who the user is. At the same time, the OpenAge Initiative knows who the user is, but not which platform received the age signal. The age verification provider ultimately makes the “yes” or “no” decision to grant or deny access to the platform.
