U.S. Age Verification Laws – The Facts

Are age-verification laws the beginning of the end for the open internet? Many people feel something serious is happening, but few understand the actual legislation or how far it now reaches. With the Supreme Court upholding Texas’ HB 1181, age-verification requirements are no longer theoretical—they’re becoming a structural part of the U.S. internet.

Watch on Substack

These laws begin with adult websites, but the architecture being built around them sets the groundwork for a much broader identity-based internet. At the same time, states are targeting app stores with “accountability” laws, and Google is tightening its grip on how Android apps can be installed. Put together, the picture becomes much clearer.

The New Age Verification Rules

Across Texas, Utah, Louisiana, and Mississippi, the language is nearly identical. Any website where roughly a third of the content is considered “harmful to minors” must verify the age of every visitor before allowing access. Verification must be done through:

• a government-issued ID,
• a digitized ID card,
• or a third-party age-verification database using transactional data.

Websites are instructed not to store identifying information after approval, but the identity check still takes place. The mechanism is now established: show your ID before viewing certain content.

If you live in one of these states, you’ve already seen this in action. Adult sites now display warning banners and ID checks. The only current workaround is a VPN that places your IP outside the regulated states, because the site’s location check is based entirely on your IP.

The key point: the legal precedent has been set. States now have a tested, court-approved framework for requiring digital identification online.

Expanding Into App Stores

While these age-verification laws focus on content, states like Texas and Utah have introduced a separate category of rules targeting app distribution. App stores must now verify the age of users when they create accounts. And “app store” is defined so broadly that it can include:

• websites that distribute apps,
• alternative catalog front-ends,
• open-source repositories like F-Droid,
• or essentially any platform where software is downloaded.

Even the phrase “mobile device” is defined broadly enough to include laptops.

This quietly pulls software distribution under the same identity-verification umbrella. Open-source platforms may be forced to either introduce account systems—something many deliberately avoid for privacy reasons—or block users from certain states entirely. In Gitlab forums these possibilities are being openly discussed, including creating separate restricted repositories or implementing geo-blocking.

This is a direct pressure on anonymous software access. It introduces liability concerns for developers and catalog maintainers and shifts the internet away from open download ecosystems and toward identity-locked platforms.

Google Tightens Control Over Sideloading

In a surprising turn of events, Google is adjusting their new developer verification requirements. As I’ve covered on #TBOT 15 – these new rules would have prevented Android users from installing open-source apps that don’t give up their IDs and signing keys to Google.

Now Google won’t be completely blocking these apps but will now require an “advanced flow.”

You can assume this to mean Dark UI, that makes it fairly annoying and difficult to install apps directly from the source, apparently this should only be trusted for developers and power users.

Previously Google pointed to their vague study of apps in the Android ecosystem, they looked at apps on the web and found there were more malicious than the proportion on the Play Store. They gave literally no numbers.

Now this is happening again, with one Southeast Asia malware app as an example, but left without a name or example of how widespread this is.

Instead of building a prison wall around current Android users, now they’ve downgraded to a barbed wire fence. It’s going to be a pain to get across.

Remember, this change will occur in 2027, and there’s no telling where they will stop. Once the system is rolled out to classify apps in this fashion, the security measure can easily be adjusted or locked out completely.

Now is the time to ditch official Android phones altogether and use a de-Googled counterpart.

🛍️ Above’s Black Friday Sale is Back!
Our best sale of the year is back—with some phones up to $500 off, plus deals on laptops and bundles.

If you’re ready to upgrade your privacy gear, now is the best time.

Don’t wait—supplies of our most popular devices are extremely limited!

Shop Now!