You Verified Your Kid's Age. A Stranger Now Has Your Face.

Full Episode Transcript

You went to set up a game console for your kid. You typed in a birthday. Maybe you held up a driver's license to a camera. And in that moment, a company you've never heard of took a copy of your face — and kept it.

If you've ever clicked "verify your age" on

If you've ever clicked "verify your age" on PlayStation, on Meta, on any app — this story is about you. Because here's what most people get wrong. You think the platform is checking your I.D. You think Sony or Meta sees it, confirms you're an adult, and moves on. According to reporting from GAMES.GG, that's not what happens. The platform hands the job to an outside vendor — a separate company with its own database, its own security, and its own rules about how long to keep your data. So the real question tonight — when your child's age gets verified, who's actually holding your face?

Let's start with why this even exists. Governments across the U.S., Europe, and parts of Asia have passed laws. Platforms now have to prove a kid is really a kid — not just trust a typed-in birthday. Australia went all the way to mandates with penalties. So platforms had a choice. Build verification themselves — slow and expensive. Or pay a specialist vendor to do it fast. Almost all of them chose the vendor.

And that handoff is where the trouble lives. The vendor isn't bound by the privacy promise you saw on the login screen. They operate under their own policy. Your I.D. image, your biometric scan — it now sits in a third-party database you never agreed to by name. It's buried in terms-of-service language almost nobody reads.

Trusted by Investigators Worldwide

Run Forensic-Grade Comparisons in Seconds

Court-ready facial comparison reports. Results in seconds.

Get Started

7-day refund guarantee**

Here's the part that turns a privacy gap into a

Now here's the part that turns a privacy gap into a real danger. Retention. These vendors can't just verify you and delete the file. They have to keep your data — the I.D. photo, the face scan, the logs. Why? So they can prove to regulators later that they checked correctly. Privacy researchers at Promise Legal point to exactly this. Every record they're forced to keep becomes a target sitting in storage.

And targets get hit. CNBC reported on a breach tied to an identity vendor — tens of thousands of users exposed, around seventy thousand. That's not a typo in a database. That's people who held up their I.D. to prove their age, and ended up with their identity in a leak. For the rest of us, that means the safety step you took to protect your kid quietly created a new way for your own information to spill.

The Electronic Frontier Foundation has flagged something else too. These systems lock people out — anyone without the right kind of I.D., anyone the biometric scan misreads. The civil liberties argument is simple. Pile millions of identity records into a handful of companies, and you've built the perfect thing for hackers to chase and governments to demand.

The Bottom Line

Here's the flip. The privacy failure isn't a glitch. It's the design working as intended. The law says protect kids. The platform obeys by outsourcing. The vendor keeps your data to cover itself. Every party did the rational thing — and your face ended up in a stranger's server anyway.

So the simple version. Apps now have to check your kid's age. They pay outside companies to do it. Those companies keep your I.D. and your face — and sometimes they get hacked.

The fight isn't over whether to protect children. It's over how much of you a company gets to keep to do it. Whether you're a parent setting up a console or someone who just clicked "verify" without thinking — your face may already be sitting somewhere you'll never see. The full story's in the description if you want the deep dive.

You Verified Your Kid's Age. A Stranger Now Has Your Face.