Here is a review of some age verification providers
AU10TIX (Used by ‘X’)
Elon Musk’s X (formerly Twitter) has used Israeli firm AU10TIX for ID document and selfie‑based checks since 2023 – originally to verify premium ‘blue check’ users, and now to comply with age assurance requirements. The company, spun out of ICTS International – founded by former Shin Bet (Israeli domestic intelligence) officers – also employs engineers with backgrounds in Israel’s military cyber‑intelligence unit, Unit 8200.
In 2023, digital rights activist and MENA specialist Mona Shtaya described the partnership as “alarming.”
“Hiring a company with ties to former secret intelligence, Shin Bet, puts us all at risk,” Shtaya said. “This move threatens to fortify and weaponise our digital realms. A fate Palestinians already endure due to the ongoing military occupation. It’s a disaster in the making for all its users.”
AU10TIX’s privacy policy lets it process data under the broad umbrella of “legitimate interests,” potentially allowing reuse or sharing beyond age checks.
In 2024, 404 Media revealed a major data breach: administrative credentials were left exposed online for over a year, giving hackers potential access to sensitive user data. The company says there’s no evidence that the exposed data was used maliciously.
Kids Web Services (Used by Bluesky)
Bluesky, generally viewed as more privacy-oriented than other legacy social media platforms, uses an age verification service called Kids Web Services (KWS). KWS is owned by US company EpicGames, known for producing the popular game Fortnite – and paying out $520 million to the US Federal Trade Commission in 2022 for manipulating users and violating children’s privacy laws.
EpicGames offers KWS’ age assurance services to clients like BlueSky free of charge, but they don’t come out of it completely empty-handed. KWS gets access to some combination of email addresses, names, dates of birth, mailing addresses, national identity numbers, cell phone numbers, device identifiers, IP addresses, login data, site navigation data and more.
Open Rights Group notes that KWS employs browser fingerprinting – a surveillance technique that tracks users based on unique characteristics of their browser and device. The group claims that KWS is also known for refusing to respect ‘Do Not Track’ signals, browser settings that let websites know you don’t want to be tracked online.
Data compliance lawyer and writer Simon McGraw points out that KWS – not Bluesky – is ultimately the legal entity responsible for the data collected. KWS explicitly states in a data control agreement with BlueSky that: “If we [KWS] are involved in a merger, acquisition, or sale of assets, we may share your personal information with the acquiring or receiving entity.”
“We’ve legislated for a new kind of surveillance capitalism,” McGraw writes. “As always, if a service on the web is being offered for free, it just means that you (in this case the adult wishing to participate in social media) are not the customer. You are the product.”
Persona Identities Inc (Used by Reddit)
The popular forum Reddit uses the San Francisco‑based firm Persona for age checks. In 2025, Persona raised $200m in a round led by the Founders Fund, the venture capital group run by data magnate Peter Thiel.
Thiel’s company, Palantir, has been widely criticised for its ties to the Trump administration and its US surveillance, security, and immigration enforcement contracts.
Persona has faced lawsuits in the US alleging that it retained the biometric data of food delivery drivers and that it used users’ selfies to train AI models – claims it denies. Its privacy policy promises to delete face scans after seven days, but vaguely allows data use for “service improvement” and, since 2025, requires users to waive their right to join class‑action lawsuits.
Spokesperson Evelyn Ju stated that the company always takes a “privacy- and compliance‑first approach.”
github.com
