Been seeing a lot of misleading claims from ID and age verification vendors lately. Let's be clear.

- Client-side only face scan
- Client-side only ID info extraction
- Client-side only image to info comparison
- Client-side only integrity witness
- Server-side only gets 18+ or no (no other data, hash, or telemetry)

If the implementation deviates from that at any step, the privacy claim is marketing, not architecture.

The technical bar exists. It can be met and would satisfy all; UK, American, and Australian laws even on browsers. it's just inconvenient to meet it.

#privacy #ageverify #infosec #security #uk #linux #California #colorado