The initiative, which had maintained a low profile until recently, has scored two major victories. First, Meta announced in December that it would launch age keys on Instagram this year. The Free Speech Coalition, a non-profit trade association for the adult entertainment industry, has also endorsed age keys as a privacy-preserving way to access pornographic content without compromising identity or security.
Although Privately partners with K-ID on age verification for social and gaming platforms, Privately has not joined the OpenAge initiative. However, other major age-checking providers have signed on, including Incode, Persona, SoCure and Veratad, as well as platform owners like Meta and game developers like Konami.
Luke Delaney, K-ID’s corporate affairs officer, told Ars that the age keys are stored in a password manager and are built on FIDO Passkey technology that is “as secure as the login I use for my bank.”
For users accustomed to storing passwords, letting your device store the age key may seem natural, especially because it doesn’t require opening an account or sharing an email address. Julian Corbett, head of the OpenEdge Initiative and co-founder of K-ID, told Ars that some platforms have adopted the technology more than expected. For example, on one platform that recently launched age keys, about 80 percent of users opted to save them, he said.
For platforms, age keys can become a cost-effective solution. Delaney said, because the OpenAge Initiative’s only cost is an encrypted handshake when sharing an age indication, the platform could “verify a million ages using age keys for $3,000.”
Participating platforms can set limits on what types of age estimates are accepted and how recently the age check must have been completed. Any age key lacking correct indications will be rejected.
The OpenEdge Initiative’s website provides more details, including a developer guide that explains how its double-blind system is designed to protect privacy. Essentially, when someone uses an age key, the age-checking service provider requests access to the platform without knowing who the user is. Meanwhile, the OpenAge Initiative knows who the user is, but does not know which platform is receiving the age indication. The age verification provider ultimately makes a “yes” or “no” decision to grant or deny platform access.
<a href