I
Picture this.
You’re on the subway, scrolling through your phone. You try to open a familiar news site. The page doesn’t load. Instead, a message appears: “Please upload a photo of your driver’s license or passport to verify your age.”
Your finger hovers over the screen. A few thoughts flash through your mind: Why does this website need my ID photo? Where will it store the image? What if hackers steal it? I just want to read the news — why am I handing my ID to an internet company?
If this sounds like some dystopian scene from science fiction — it’s not. In late June 2026, the U.S. House of Representatives is preparing to vote on a bill called the KIDS Act (Kids Internet and Digital Safety Act). If it passes, that scenario will become daily reality across America’s major social platforms, video sites, and messaging apps.
And that’s not even the only thing making the developer community explode.
On Hacker News, the discussion thread for this bill hit 265 points and 234 comments within 12 hours — rare heat for a policy story. The programmers’ anger isn’t just about privacy. They dug into the campaign finance sources of the two lead sponsors in the thread: Republican Brett Guthrie’s top donor is Google’s parent company Alphabet, which contributed roughly $398,000 during the 2024 election cycle. Democrat Frank Pallone’s top two donors are AIPAC (the pro-Israel lobbying group, roughly $241,000) and the AI company Anthropic, with Comcast also among his major funders.
The bill’s key architects took money from tech companies — and the bill itself is pushing a universal internet ID system. The developers can do that math just fine.
II
To understand why this bill so thoroughly repulses the tech community, you need to grasp how it actually works.
The KIDS Act is really an “omnibus package” that bundles together over a dozen internet regulation bills — including a revised Kids Online Safety Act (KOSA), the SAFE BOTS Act, the SCREEN Act, and more. Congress isn’t debating these bills one by one; they’ve been packaged together and are being fast-tracked.
The key problem sits in one legal phrase: “knows or should have known.”
Under the bill, when a platform “knows or should have known” that a user is a child under 13, or a teen aged 13–16, it must apply a set of special protections — including restricting certain content, providing parental control tools, adjusting messaging settings, and so on.
Sounds reasonable, right? But “should have known” is a massive trap.
It means the platform doesn’t need to actually know your age — if a court or regulator later decides the platform “should have had a way to know” your age, the platform is in violation. This legal standard, in American law, is a “negligence standard” — far lower than “willful violation,” requiring almost no proof of bad intent.
The consequence? The Electronic Frontier Foundation (EFF)‘s legal team spells it out directly: To avoid legal liability, platforms will be forced to verify the age of every single user — including adults. Nobody is going to take the risk of assuming you’re “probably an adult.”
III
So how does age verification actually work? The industry currently has three paths.
Path one: Document upload. Users photograph and upload their driver’s license, passport, or national ID. The platform matches the document image against databases to confirm you are you and how old you are. This is the most “reliable” approach — and the most dangerous. In 2024, Discord, while attempting to roll out age verification, partnered with a third-party identity verification company called Persona, requiring some users to upload government ID photos. The result? Discord later disclosed that due to a third-party customer support vendor being hacked, at least 70,000 users’ ID photos were leaked. That case perfectly previews what will happen if the KIDS Act is fully implemented — except this time, hundreds of millions of Americans would be affected.
Path two: Facial scanning and age estimation. The platform captures the user’s facial image via the front-facing camera and uses AI algorithms to “guess” the user’s age. This path doesn’t require uploading documents and seems more “privacy-friendly.” But EFF research shows these age estimation systems have high error rates when judging minors’ ages — and minors are exactly who KOSA claims to protect. Worse, these systems have significantly higher misidentification rates for people of color, people with disabilities, transgender people, and non-binary people. In other words, those who most need protection are the most likely to be misjudged by the system.
Path three: Third-party verification services. Users submit identity information to an independent verification entity, which only returns a “adult/minor” binary judgment to the platform without revealing specific personal details. The idea is that “the platform never gets your ID, only a conclusion.” The problems: first, these third-party services become golden targets for hackers — they centrally store massive amounts of sensitive identity data. Second, users have to trust companies whose names they’ve never even heard. Third, a nationwide age verification infrastructure is, in essence, a government-backed universal identity registration system — and it’s being built by a bunch of commercial companies.
Supporters of the bill repeatedly stress: “KOSA does not mandate age verification.” That sentence does appear in the text. But as the EFF article points out: When every obligation in a law depends on whether you know the user’s age, and the standard of judgment is “should have known,” that “does not mandate age verification” disclaimer is just empty words.
IV
The privacy risk is only half the story. The other half is speech.
The revised KOSA removed the original version’s notorious “duty of care” provision — a significant concession. But in its place, the bill requires platforms to “establish, implement, maintain, and enforce” content moderation policies covering a range of categories.
Some of these categories do involve genuinely illegal conduct, like violent threats and sexual exploitation. But others are alarmingly broad: the bill requires platforms to moderate discussions about the “sale or use” of drugs, tobacco, cannabis, gambling, and alcohol, plus topics related to financial fraud.
If strictly enforced — if platforms don’t want to take legal risks — the following content could all be removed or restricted:
- A 15-year-old girl posting “My friend has been drinking too much lately, I’m really worried about her”
- Teenagers exchanging addiction recovery experiences or harm reduction advice in discussion forums
- A kid posting “I think my dad’s being scammed, what should I do”
As the EFF attorney put it: “We’ve seen this movie before. When legal risk rises, platforms take down more speech.”
Even more concerning is the bill’s interference with encrypted communications. The KIDS Act includes new requirements for private messages, disappearing messages, and AI chat services. While the bill claims it should not be interpreted to “override strong encryption,” this protection is incomplete — it only covers some functional requirements and does not apply to KOSA’s separate provision requiring platforms to “address” harms to minors.
An obvious question the bill doesn’t answer: if a platform cannot read the content of encrypted communications, how is it supposed to “address” harms that might occur within them? This creates an impossible dilemma for encrypted messaging services — either weaken encryption strength, or restrict features on encrypted services. That’s why the developer communities behind WhatsApp and Signal have issued stark warnings: this bill creates a legally untenable environment for encryption.
V
Now let’s return to the money.
The KIDS Act’s lead sponsor, Brett Guthrie, is a Republican representative from Kentucky and chair of the House Energy and Commerce Committee. According to OpenSecrets public data (which HN commenters linked directly in the discussion thread), among his top five donation sources for the 2024 election cycle, Alphabet (Google’s parent company) ranks first at roughly $398,000. The same data shows he received more political contributions from the pharmaceutical and health products industry than any other member of Congress — over $500,000 in 2024 alone.
Frank Pallone is a Democratic representative from New Jersey and a senior member of the Energy and Commerce Committee. Among his top five donation sources for the 2024 election cycle, AIPAC ranks first (roughly $241,000), with Anthropic and Comcast close behind.
Of course, accepting money from tech and pharma companies doesn’t mean the bill was custom-written for donors. The causal relationship between campaign contributions and legislative behavior can never be drawn as a straight line. But here’s what was happening at the same time: Meta (parent company of Facebook and Instagram) was simultaneously running a lobbying blitz. According to a Reuters report from June 18, 2026, Meta was lobbying Congress for legal immunity from child-harm lawsuits — and in exchange, Meta was willing to drop its opposition to KOSA. In other words: Meta wanted to trade “supporting this child protection bill” for “if my product hurts children, you can’t sue me.”
Meta also supports shifting the age verification burden from platforms to app stores — letting Apple and Google verify ages when users download apps. Why? Because then Meta wouldn’t have to collect users’ IDs itself. Apple and Google are furiously lobbying against this approach. This is a turf war between tech giants, and child safety is the banner everyone is waving.
VI
The developers on Hacker News see through all of this quite clearly.
One user, zmgsabst, pointed out the “slippery slope” in the bill’s coverage definition: the bill defines “covered platform” to include any service that “utilizes user personal information for advertising, marketing, or content recommendation.” This means it’s not just Facebook and TikTok — even your bank’s website (your bank uses your information to push financial product ads at you, right?) is theoretically in the crosshairs.
Another user recalled: “I remember when I was a kid online, the first rule adults taught was ‘never give out your personal information online.’ Now it’s become ‘when asked for your personal information, hand it over immediately or you can’t use the service.’”
What most exhausts developers’ patience is the technical absurdity: the “Parents Decide Act,” which would require age verification at the operating system level, is advancing on a parallel track — meaning your computer would need to verify your age before it even boots up. As one comment on Reddit’s r/linux put it bluntly: “Do they think kids are going to install their own operating systems to bypass parental controls? No, they just want every device we own to become a surveillance terminal.”
There’s also a broader question: why is nearly every Western country pushing similar internet age verification legislation at almost the same time? The UK has its Online Safety Act, the EU is advancing its digital identity app, Australia is debating social media age restrictions, and the U.S. has the KIDS Act — this isn’t coincidence. As one HN user wrote: “This is an organized campaign. The lobbying groups got their instructions, and now they’re executing, one jurisdiction at a time.”
VII
I don’t want to turn this into a simple good-vs-evil story. Reality is more complicated.
From the supporters’ side: many parents genuinely are anxious about their children’s online environment. Bullying on social media, the flood of adult content, algorithms endlessly extracting teenagers’ attention — these aren’t imaginary problems. If you’ve seen your child receive private messages from strange adults, your support for “internet ID verification” is understandable.
From the opposition’s side: once a nationwide age verification infrastructure is built, it will never be used only for “protecting children.” History repeatedly proves that once a surveillance system is built, its uses continually expand. Today it’s used to verify whether you’re 16. Tomorrow, whether you can view certain political content. The day after, to track your browsing history — every step taken under the banner of “protecting children” or “maintaining safety.”
The real dilemma is this: we want an internet that’s friendlier to children, but we don’t want to surrender our privacy to get it. These two goals aren’t necessarily in conflict — but the KIDS Act’s chosen path is to sacrifice privacy in exchange for (possibly unreliable) protection.
As for the talking point that “you just want to expose children to danger” — another HN comment may be the best response: “The kids are all right. The real concern is the adults who are convinced the kids aren’t all right — isolate them from children’s lives and you’ve solved more than half the problem.”
VIII
Having written all of the above, I need to state a few things clearly.
I have not personally tested any age verification system, nor have I spoken with the KIDS Act’s sponsors on the phone, nor have I seen what the American internet will look like after the bill passes. All data and analysis in this article come from public sources — EFF’s legal analysis, Reuters’ lobbying coverage, OpenSecrets campaign finance data, and the developer discussion on Hacker News. If you question any number or judgment, you can absolutely go verify the original sources yourself.
Campaign contributions do not equal corruption. Alphabet being Rep. Guthrie’s top donor does not mean Google dictated this bill. But when a bill sits at the intersection of privacy rights, corporate interests, and civil liberties, knowing who is writing checks to its sponsors should at least not be a secret.
On the matter of keeping children safe online, I have no simple answers. My position is only this: if a proposal requires you to give up your own privacy to secure someone else’s safety, it’s probably not a good proposal — especially when the part you’re giving up happens to be the foundation for every future right you hold.
Reference Links:
- EFF, “The KIDS Act Would Require Age Checks To Get Online”, 2026-06-24, https://www.eff.org/deeplinks/2026/06/kids-act-would-require-age-checks-get-online
- Hacker News discussion, 265 points / 234 comments, https://news.ycombinator.com/item?id=48706560
- Reuters, “Meta lobbies Congress for protection from child-harm lawsuits”, 2026-06-18, https://www.reuters.com/world/meta-lobbies-congress-protection-child-harm-lawsuits-2026-06-18/
- SGT Report / Reclaim The Net, “House Committee Passes Child ‘Safety’ Bills That Pushes National Age Verification Surveillance”, 2026-03-06, https://www.sgtreport.com/2026/03/house-committee-passes-child-safety-bills-that-pushes-national-age-verification-surveillance/
- TechSpot, “Meta wants a child safety bill rewritten to shield it from lawsuits over harm to kids”, 2026-06-19, https://www.techspot.com/news/112824-meta-wants-child-safety-bill-rewritten-shield-lawsuits.html
- OpenSecrets, “Rep. Brett Guthrie - Campaign Finance Summary”, https://www.opensecrets.org/members-of-congress/brett-guthrie/summary?cid=N00029675
- OpenSecrets, “Rep. Frank Pallone Jr. - Campaign Finance Summary”, https://www.opensecrets.org/members-of-congress/frank-pallone-jr/summary?cid=N00000781
- H.R.7757 - KIDS Act (bill text), 119th Congress, https://www.congress.gov/bill/119th-congress/house-bill/7757/text
- POLITICO, “Guthrie and Pallone cement deal for kids online safety package”, 2026-06-22, https://www.politico.com/live-updates/2026/06/22/congress/guthrie-and-pallone-cement-deal-for-kids-online-safety-package-00969686
- New Republic, “Frank Pallone corporate donors”, https://newrepublic.com/article/161778/frank-pallone-corporate-donors-money