Farcical recognition: UK users bypass face-based age verification with video game characters

Discord users in the UK are bypassing new age verification requirements by using video game characters instead of their real faces, exploiting weaknesses in facial recognition systems. The workaround highlights significant vulnerabilities in age verification technology that could become even more problematic as AI-generated content grows more sophisticated.

What’s happening: The UK’s new child safety laws require platforms like Discord to verify users are over 18 through government ID or face scans to access age-restricted content.

• Users discovered they could pass facial verification using screenshots from video games like Death Stranding, God of War, and Cyberpunk 2077.
• One user successfully verified using Norman Reedus’s character from Death Stranding, while others used characters from games ranging from Baldur’s Gate 3 to even Garry’s Mod.
• The bypass method quickly went viral on social media, inspiring others to try similar approaches.

Why this matters: These vulnerabilities expose fundamental flaws in age verification systems just as they’re being implemented globally, with potential implications for child safety and data privacy.

• Companies like Google are rolling out AI-driven age estimation for Search and YouTube.
• Gaming platforms like Roblox are making age checks central to safety measures.
• The ease of bypassing current systems raises questions about their effectiveness in protecting children.

The technical challenge: Experts warn that current verification methods have too many exploitable loopholes that will only worsen with advancing AI technology.

• “The industry is trying to find solutions to the issue of AI deepfakes and live AIs,” says David Maimon, head of fraud insights for SentiLink, a fraud prevention company.
• Bad actors typically stay “7 to 12 months ahead” in finding vulnerabilities to bypass security technologies.
• Even photo IDs can be convincingly faked with modern printing techniques and materials.

What the users are saying: People bypassing the systems cite privacy concerns and philosophical opposition to mandatory verification.

• “Requiring people to give up facial information to access all the features of websites and apps like Discord and Bluesky is a massive overreach,” one user told WIRED.
• Users worry about data breaches, pointing to incidents like the Tea app breach that exposed thousands of women’s verification photos.
• “I don’t trust the third party services that are being used with my data, especially with how damaging data leaks can be,” another user explained.

The bigger picture: The situation illustrates a broader tension between child safety goals and practical implementation challenges.

• Critics argue these systems push young people toward less regulated corners of the internet rather than protecting them.
• Alternative approaches might need to rely more on historical data like phone numbers and addresses rather than biometric verification.
• The proliferation of real-time AI video generation technology could make current verification methods obsolete.