According to TechRadar, Bluesky has begun enforcing mandatory age verification for all new users globally using Kids Web Services (KWS) to comply with Australia’s new under-16 social media ban, despite not being one of the ten platforms—Facebook, Instagram, Kick, Reddit, Snapchat, Threads, TikTok, Twitch, X, and YouTube—initially named in the law. Accounts for under-16s will be deactivated, adult content blocked for under-18s, and direct messaging disabled for 16-18 year olds. The platform also reversed its earlier block on users in Mississippi, implemented due to the state’s age verification laws, though it still criticizes the law. Major platforms like Meta began notifying suspected under-16 accounts on December 4, using partners like Yoti for verification, while YouTube and Snapchat are taking similar approaches. This has already triggered a spike in VPN searches in Australia, as regulators also expect platforms to try and block VPN workarounds.
Bluesky’s unexpected move
Here’s the thing: Bluesky wasn’t forced to do this. The law, as written, only names ten specific platforms. So why would a smaller, technically-exempt platform proactively roll out a global age-gating system? It seems like a preemptive compliance play, maybe to avoid future scrutiny or legal headaches down the line. But it’s also a massive operational shift. They’re using Kids Web Services (KWS) for verification, which means every new user, everywhere, now hits a checkpoint. That’s a huge friction point for growth. And by disabling DMs for 16-18 year olds, they’re basically walling off a core social feature for a huge chunk of potential users. It’s a stark reminder that when big markets like Australia make rules, the compliance ripple effect is global, not local.
The big platform scramble
Now, look at how the named giants are handling it. Meta’s approach, detailed in their policy blog, is interesting. They’re not blanket-banning all teens. They’re notifying accounts they *suspect* are under-16 and offering a challenge process via a video selfie or ID with a third party, Yoti. That’s arguably less draconian but raises its own privacy red flags. YouTube’s doing something similar, as per its support page, and Snapchat partnered with k-ID. Reddit, despite its opposition, is complying and even making a “safer” app for under-18s. But then you have X, Kick, and Twitch staying quiet. So there’s no uniform standard. It’s a patchwork of different verification partners and different rules, which is confusing for users and probably inefficient for everyone.
The VPN wild card
And this is where it gets really messy. The immediate reaction, shown by that Google Trends spike, is for people to just use a VPN. It’s the digital equivalent of going around a roadblock. But the regulators have already said they expect platforms to *try* to stop VPN use. How? That’s the billion-dollar question. Can they reliably detect and block VPN traffic at scale? And if they try, they’ll inevitably block legitimate users or spark a cat-and-mouse tech arms race. The article’s warning about insecure free VPNs is real, too. When you push people toward privacy tools, many will grab the first shady free app they find, potentially creating a bigger security problem than the one the law tried to solve. It’s a classic unintended consequence.
A privacy crossroads
So what are we left with? Bluesky’s move shows that even platforms outside the law’s direct sight are feeling the pressure, creating a de facto global standard for age checks. Mississippi’s situation is a microcosm of the pushback—Bluesky is back, but they’re openly refusing to follow all the details of a law they call speech-limiting. Basically, we’re at a crossroads. Governments want to protect kids online, a totally valid goal. But the method—mandatory age verification for vast swaths of the internet—forces a massive collection of sensitive personal data (your face, your ID) into third-party systems. Is trading anonymity and privacy for access the right trade-off? And can any of these systems actually be foolproof? I doubt it. The tech is scrambling to catch up to the legislation, and users are stuck in the middle, with their privacy often being the collateral damage.
