According to 9to5Mac, age verification laws are now actively blocking app access in certain states, moving beyond policy debates. In August, the Twitter/X alternative Bluesky went offline for users in specific locations rather than comply, but as of this week, it has restored access with a new, mandatory age verification process. The app now partners with a third-party service called KWS (Kids Web Services) to handle verification, requiring users to confirm their email and then submit personal data to KWS. The verification form demands a user’s full legal name, home address, and one of three proofs of age: the last four digits of a Social Security number, a temporary credit card transaction via Stripe, or a scan of a driver’s license or passport via Veriff. Bluesky states it does not have access to the verification information shared with KWS, and KWS claims to store only a hashed email with a verified status for future use across other services.
The new age gate
So here’s what’s actually happening. Bluesky, to operate legally in some states, has essentially installed a digital bouncer. But instead of checking a physical ID at the door, it’s funneling you to a separate company’s website you’ve probably never heard of. You can see their portal at parents.kidswebservices.com and their privacy policy here. The whole thing is a chain of outsourcing: Bluesky to KWS, and then KWS to other specialists like Veratad for SSN checks, Stripe for credit card pings, and Veriff for ID scans. It’s a whole ecosystem built just to prove you’re over 18. And honestly, it feels clunky and invasive.
The VPN loophole (for now)
Here’s the thing: this is still easy to bypass if you’re tech-savvy. Use a VPN, spoof your location to a state without these laws, and boom—you’re in. The article points out that free browser VPNs can work for websites, but you’d need a system-wide paid VPN service to trick an app like Bluesky. But this is a temporary hack. If federal legislation ever passes, your only VPN option would be to use an IP from another country, which comes with its own set of problems and restrictions. So while the VPN escape hatch exists today, it’s not a long-term privacy solution. It’s just a workaround for a patchwork of state laws.
Privacy trade-offs and trust
This process forces a brutal calculus. Is accessing a social media app worth handing over the last four of your SSN to a company called Veratad? Or scanning your driver‘s license to Veriff? The article’s author said the Stripe method seemed “most reasonable” because they already trust it with transactions. That’s a fair point. A credit card number can be changed; your SSN and the biometric data on your license scan cannot. We’re being asked to extend trust to a chain of obscure middlemen, all in the name of child safety. And that’s a powerful, emotionally compelling reason. But it also creates a huge new attack surface for data breaches and expands the surveillance infrastructure. Who’s to say how these verified age databases might be used or leaked in the future?
A preview of the future
Basically, Bluesky is the canary in the coal mine. This isn’t just about one app. It’s a preview of what could become standard for tons of online services if more laws pass. The friction is enormous—imagine doing this for every game, app, or forum you want to use. It will absolutely turn people away. And as these requirements spread, the collective anxiety about where our most sensitive data lives will skyrocket. We’re moving from an internet that mostly takes your word for it, to one that demands a digital passport check. The policy debate in Washington is over. The messy, complicated reality is already live in some states, and your data is the entry fee. For more tech insights, you can follow 9to5Mac on Twitter or YouTube.
