An investigation of the forces behind the age-verification bills [LWN.net]

Reddit user "Ok_Lingonberry3296" has posted the results of an extensive investigation into the companies that are pushing US state legislatures to enact age-verification bills.

I've been pulling public records on the wave of "age verification" bills moving through US state legislatures. IRS 990 filings, Senate lobbying disclosures, state ethics databases, campaign finance records, corporate registries, WHOIS lookups, Wayback Machine archives. What started as curiosity about who was pushing these bills turned into documenting a coordinated influence operation that, from a privacy standpoint, is building surveillance infrastructure at the operating system level while the company behind it faces zero new requirements for its own platforms.

(See also this article for a look at the California law.)

to post comments

spoiler: it's meta/facebook

Posted Mar 13, 2026 14:32 UTC (Fri) by anarcat (subscriber, #66354) [Link] (23 responses)

I think it's worth going a little further in the quotes here and name names:

Meta spent $26.3 million on federal lobbying in 2025 and deployed 86+ lobbyists across 45 states. It funded a nationally active advocacy group (DCA) with no legal existence in the IRS system. It hired Hilltop Public Solutions to simultaneously run its $45M super PAC and coordinate DCA's messaging. It previously hired Targeted Victory to run a covert astroturfing campaign against TikTok using child safety as the narrative frame.

It also refers to previous attempts by Meta at doing that sort of shady lobbying:

This is not speculation about what Meta might do. This is what Meta has been publicly documented doing: hiring firms to plant stories, manufacture public concern about competitors using child safety as the framing, and conceal the corporate origin of the messaging. The Targeted Victory campaign and the DCA campaign use the same playbook: fund an outside entity to push messaging that serves Meta's commercial interests while hiding Meta's involvement.

Throughout this age-verification push I kept wondering "who's really doing this?" It's nice to see someone lift the covers...

spoiler: it's meta/facebook

Posted Mar 13, 2026 14:44 UTC (Fri) by dskoll (subscriber, #1630) [Link]

What is this now, about the 120th time that everyone realizes "Citizens United v. FEC" was an unmitigated disaster?

spoiler: it's meta/facebook

Posted Mar 13, 2026 15:38 UTC (Fri) by swilmet (subscriber, #98424) [Link] (21 responses)

Meta is doing lobbying in the EU too: Ex-Meta lobbyist put in charge of EU's digital rules: 'Tech oligarchy writing its own rulebook'

Meta’s former chief EU lobbyist was elected to the European Parliament (from a right-wing party) and is now working on the "Digital Omnibus" to deregulate the GDPR and the ePrivacy framework among other things…

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 13, 2026 16:02 UTC (Fri) by davecb (subscriber, #1574) [Link] (20 responses)

Age verification is a guaranteed fail, because this is NOT an age verification problem. It's an 'access in private" problem.

First of all. it can't work. An age requirement can function if an only if
-- the child is young enough, and
-- they have no-one who can help them work around the age requirement.

For an older child, buying the their own phone or reinstalling Windows will defeat this kind of measure. The scheme fails for proprietary OSes just as it does for Linux. On Linux, it's easier. Creating another account will do the job in double-quick time.

This law is a proposal to ban the wrong thing, which we NOW find is not made in good faith. We need to go back to the last thing that visibly worked: https://leaflessca.wordpress.com/2026/02/09/wrong-ban/

This is derived from M Fioretti's longer "Dear parents, social media are yesterday's battle", https://mfioretti.substack.com/p/dear-parents-social-medi...

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 14, 2026 9:39 UTC (Sat) by lmb (subscriber, #39048) [Link] (7 responses)

> The scheme fails for proprietary OSes just as it does for Linux.

Oh, but no, it does not.

After all, you can only install an "untrusted" application or reinstall an operating system if you have an unlocked bootloader.

You know, the very thing Google and Apple and Samsung et al don't want us to have anyway. Nor any of the companies that want us unable to leverage ad blockers, or other privacy shields.

These systems *can* be build and protected to the point where almost nobody (readers here obviously don't count) can't realistically circumvent them.

That is very quite clearly the mid- to long-term goal.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 16, 2026 7:49 UTC (Mon) by gf2p8affineqb (subscriber, #124723) [Link] (3 responses)

Google is one of the few phone manufacturers that let you unlock your bootloader, so that's a weird take.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 16, 2026 11:50 UTC (Mon) by paulj (subscriber, #341) [Link] (2 responses)

Upon which a number of apps will refuse to run anymore, including some of Google's own.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 19, 2026 11:54 UTC (Thu) by cortana (subscriber, #24596) [Link] (1 responses)

I think this is the price that we (in certain jurisdictions anyway) pay for being immunized against liability for authorized push payment fraud in the "my phone was hacked" scenario.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 19, 2026 12:01 UTC (Thu) by paulj (subscriber, #341) [Link]

Which it doesn't really prevent, as nearly all of that appears to be done via social-engineering with the user manipulated into knowingly approving the authorisations when they come in.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 19, 2026 1:01 UTC (Thu) by davecb (subscriber, #1574) [Link] (2 responses)

To the best of my knowledge, re-installation is available and used by end users when they have a disk failure.
- if they have a Windows product key or a Microsoft account that's linked to their license, they can reinstall Windows,
- on a Mac, they can boot into recovery mode, format a disk, and install macOS on it.

I don't use either, although have have run Windows in a VM. Therefor my information is second-hand.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 19, 2026 10:31 UTC (Thu) by paulj (subscriber, #341) [Link] (1 responses)

> - if they have a Windows product key

The windows key is baked in to the UEFI vars, for many many years now.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 21, 2026 15:36 UTC (Sat) by cesarb (subscriber, #6266) [Link]

> The windows key is baked in to the UEFI vars, for many many years now.

Not always, AFAIK that's the case only if you bought an OEM computer with Windows preinstalled.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 16, 2026 9:23 UTC (Mon) by Niflmir (subscriber, #175249) [Link] (10 responses)

I think those are acceptable failure modes for child protection. Back before the internet the ban on child access to pornography only worked as well if there was no one willing to buy/sell/rent a magazine/video to a child and the child was young enough. (With the additional failure mode that the child wouldn't find an adult's stash which still also holds.) So I think historically almost every person experienced the rule failing at some point as they were growing up.

These are always of cases of perfect being the enemy of good. A parent doesn't need a perfect solution, only a reasonable one.

It is easier for a parent to supervise whether or not their child has acquired a phone on their own then to constantly watch their child on a general purpose computing device. Perhaps some parents might wish for phone purchases themselves to be age controlled but maybe it is enough for most parents that the price of a device is usually out of reach for their children.

A society needs to make reasonable accommodations for parental supervision. Telling parents that they must buy proprietary software that plays whack-a-mole with adult content isn't reasonable. Requiring creators of adult content to figure it out isn't reasonable. Requiring creators of adult content to be part of a coordinated effort to prevent child access in a manner that preserves privacy is reasonable. A flag on an account that the individual is old enough preserves privacy and enables such opt-in. Browsers or app stores access the user account flag. Websites read a header.

Since tracking of minors is illegal in most jurisdictions, activating the flag on your own account (should you not want to peruse adult content) also can serve as a dual-purpose DO-NOT-TRACK flag. Of course, companies can break laws...

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 16, 2026 9:31 UTC (Mon) by taladar (subscriber, #68407) [Link] (5 responses)

Why not just require the creators of adult content to flag it as adult content (possibly with some slightly more detailed categorization, maybe as part of some sort of HTTP response header or metadata block inside videos and images) and then have parents enable software only on the devices accessible to their children that blocks the types of content they consider harmful to their child?

That would preserve privacy completely, allow no tracking, leave the decision which content is appropriate in the individual parents' hands instead of some centralized government one-size-fits-all solution,...

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 18, 2026 19:28 UTC (Wed) by raven667 (subscriber, #5198) [Link] (4 responses)

Having a header from the server response that the client can optionally filter on as an agent of the user makes a lot more sense to me and avoids nearly all the issues with the proposal, which might also be an indication that Meta's actual goals when drafting this legislation aren't the stated ones. You still run into cases where the state goes after websites for not putting the "right" content warning header based on differing local standards for what should be flagged, and maliciously to suppress disfavored speech, eg. suing Wikipedia to put content warnings on articles regarding human reproduction, which is a sensitive topic to some. That might lead to cases like California's labeling laws ("Substance may cause cancer") where a good faith attempt was made to improve information for citizens, but it was rendered useless due to poor definitions and malicious compliance.

Risk of bad "content warning" headers

Posted Mar 19, 2026 11:55 UTC (Thu) by farnz (subscriber, #17727) [Link] (3 responses)

Note that Prop 65 labels have failed because the market has deemed the Prop 65 labels irrelevant, and therefore there's no cost to putting a Prop 65 label on your product, but there is a cost to not putting one on your product if it needs one.

This is a big part of why I'd like content labels to be protective, not mandatory. If you can omit content labelling completely, and you're in the same place as today, but a content label protects you from legal action, then you have an incentive for parental controls to respect labels, and for content providers to put a label on the content they serve.

For example, if your law says something to the effect of "labelling is optional, but where the label is present and puts an age limit on it, civil and criminal cases against the content provider based on the viewer's age are automatically dismissed if the label shows that the viewer is too young, and civil and criminal cases against parental controls providers relating to this content are automatically dismissed if the parent overrode controls or the parental controls correctly refused access based on the label and the age of the viewer", then you have protective effects from the law, and it's in everyone's interests to label correctly and to respect labels.

Risk of bad "content warning" headers

Posted Mar 20, 2026 4:12 UTC (Fri) by raven667 (subscriber, #5198) [Link] (2 responses)

I understand but I don't agree that is how it'll play out in practice, I think its similar enough to the Prop65 case that there is little disincentive to labeling content as "adult" to avoid liability, so I predict that this kind of scheme would lead to over-labeling, and only stuff targeted directly at children, that already have enhanced liability due to holding data about children, would choose to label content as suitable for children, cutting minors off from a ton of useful and necessary information. Maybe that isn't really a bad thing as long as libraries exist and some sites like Wikipedia take a firm line in labeling their information for all ages, or special carve-outs are made for controversial information to protect it from being mislabeled and restricted, and of course parents could always disable client-side restrictions on a per-site or time-limited basis.

Risk of bad "content warning" headers

Posted Mar 20, 2026 8:54 UTC (Fri) by taladar (subscriber, #68407) [Link]

I think "adult" is just a bad label, too unspecific to work for anything but the narrowest set of laws or world views. I would suggest labeling the content as what it is to specified level of detail, then the blocking software can maintain the list of what is supposed to be allowed and what is supposed to be blocked on a more individual jurisidiction or parent basis.

Risk of bad "content warning" headers

Posted Mar 20, 2026 11:07 UTC (Fri) by farnz (subscriber, #17727) [Link]

In that case, I'd like to ask you to explain why the two systems that exist in the USA and work this way today haven't degenerated into "all content is labelled as adults only".

The MPAA system has the "NC-17" rating for "no children". And yet, we see films rated "G", "PG", "PG-13" and "R" all the time.

The ESRB system has an "AO" rating for "adults only". And yet, we see games rated "E", "E10+", "T", and "M" all the time.

The difference in all three cases to the Prop 65 measure is that Prop 65 creates a liability that did not exist before for unlabelled products, and says that you can lose that liability by labelling your product. The rating systems say that you have a liability whether or not you label your product, but by adding the label, you can restrict your liability by making it hard to argue that your content was appropriate for a child.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 16, 2026 9:39 UTC (Mon) by geert (subscriber, #98403) [Link] (3 responses)

> Since tracking of minors is illegal in most jurisdictions, activating the flag on your own account (should you not want to peruse adult content) also can serve as a dual-purpose DO-NOT-TRACK flag.

Claiming you are a minor when you are not is fraud. And since you are not a minor, you can be punished, or punished more, than in the reverse case.
Also, make sure not to use that to enter "minors-only" chat groups...

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 17, 2026 8:24 UTC (Tue) by intelfx (subscriber, #130118) [Link] (2 responses)

> Claiming you are a minor when you are not is fraud

Could you please cite a law that makes it so (for the definition of "claiming" that we are discussing)?

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 17, 2026 8:50 UTC (Tue) by Wol (subscriber, #4433) [Link] (1 responses)

Common law?

Making a false claim is fraud. Whether it's illegal or not depends on both fraud and jurisdiction.

Cheers,
Wol

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 17, 2026 9:26 UTC (Tue) by intelfx (subscriber, #130118) [Link]

> Making a false claim is fraud. Whether it's illegal or not depends on both fraud and jurisdiction.

Well, the question (and the context) was about legal fraud, not moral fraud (or, in simpler words, lying). Not all lying is punishable by law. I was asking why exactly this specific instance of lying *would* be punishable.

Spoiler: it's meta/facebook. It's also a scam

Posted Mar 25, 2026 16:52 UTC (Wed) by anton (subscriber, #25547) [Link]

For an older child, buying the their own phone or reinstalling Windows will defeat this kind of measure.

A competent implementation is that every new phone or OS installation is only allowed the all-ages content. The user has to verify the age to be allowed other content. So your scenario will not happen with a competent implementation.

One issue is to verify the age without revealing more about the user. It is solvable, and AFAIK there are proposals that do this right, but I would not be surprised if Meta et al. lobbied for getting the full identity, and if the politicians fell for that.

Reddit link down (maybe temporarily); archive.today has it

Posted Mar 13, 2026 17:11 UTC (Fri) by apoelstra (subscriber, #75205) [Link] (2 responses)

The Reddit link is now censored (sorry, "awaiting moderation") but you can see the original text here https://archive.ph/qP6kR -- at least for as long as archive.today survives.

This is a great investigation and I appreciate Jon bringing it to our attention! I have been wondering this same thing myself.

Reddit link down (maybe temporarily); archive.today has it

Posted Mar 13, 2026 17:34 UTC (Fri) by lonely_bear (subscriber, #2726) [Link]

The author posted all his finding in https://github.com/upper-up/meta-lobbying-and-other-findings

Abandon archive.today please

Posted Mar 14, 2026 5:23 UTC (Sat) by notriddle (subscriber, #130608) [Link]

Here’s the same thing on megalodon.jp: https://megalodon.jp/2026-0314-1419-52/https://old.reddit.com:443/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/

Please don’t use archive.today. They’ve been caught tampering with their archive. Use Megalodon.jp or Archive.org’s Wayback Machine .

Meta?

Posted Mar 14, 2026 1:32 UTC (Sat) by ccchips (subscriber, #3222) [Link] (3 responses)

If Meta is heavily involved in moving this nonsense along, maybe they could figure a way to help open-source environments to implement whatever they have come up with? I am so tired of hearing the same story over and over--We love Linux, we use it all the time, we ain't gonna do this or that because bla bla bla....I would hope Meta isn't playing the same song.

Meta?

Posted Mar 14, 2026 2:10 UTC (Sat) by josh (subscriber, #17465) [Link]

That seems rather like missing the point. If someone's lobbying for bills to put cyanide in drinking water, the complaint shouldn't be "please help us implement it in local water treatment plants".

Meta?

Posted Mar 16, 2026 2:38 UTC (Mon) by motk (subscriber, #51120) [Link]

Why yes, the real issue here is not the incremental construction of an on-line only panopticon, it's the open-source work required.

Meta?

Posted Mar 17, 2026 7:19 UTC (Tue) by eduperez (guest, #11232) [Link]

Meta is involved because they are feeling the pressure (from the EU, for example) to implement age restriccions in applications and services. But they do not want to pay the bill or be responsible. Instead, they are pushing to pass the hot potato to the OS.

No, I do not think they will help anyone.

Wow meta

Posted Mar 14, 2026 14:21 UTC (Sat) by yabe (subscriber, #182624) [Link] (1 responses)

These companies were never intended to make the world a better place.

Wow meta

Posted Mar 15, 2026 17:09 UTC (Sun) by khim (subscriber, #9252) [Link]

I don't think we need to concentrate on that. Think Apple: we know that it was born out of desire to help people, at least we know Woz wanted that.

But if you are becoming a billion dollar business… you either play by the rules of billion dollar business or you are kicked out of your own company.

Arguing about “when exactly that happens” is rather pointless, we simply know that today all these companies work against people.

So.. is it revolution time?

Posted Mar 16, 2026 16:21 UTC (Mon) by jpeisach (subscriber, #181966) [Link] (9 responses)

This should be a bipartisan issue. I think now that people are aware of how lobbying works and are electing candidates that don't receive corporate donations, corps see this as the last chance.

It is never about one party vs the other, it is about the elite vs. the rest of society.

It just so happens that the US lets these things happen so easily because of its current political system.

So.. is it revolution time? +1

Posted Mar 16, 2026 23:51 UTC (Mon) by Alterego (guest, #55989) [Link] (8 responses)

It is a very huge danger for democracy, not only in the US, in Europe too, and the whole planet.
CEO are not democratically chosen , and only one man at the head of 1T$ company is a very bad thing.

Anti trust laws were a good idea, it is sad that they are not applied.

So.. is it revolution time? +1

Posted Mar 17, 2026 9:11 UTC (Tue) by kleptog (subscriber, #1183) [Link] (3 responses)

> It is a very huge danger for democracy, not only in the US, in Europe too, and the whole planet.

The US is unusually susceptible though, with very short (2 year) fixed election cycles, which means candidates are in a permanent state of reelection. Most other democracies have settled onto 4-5 year cycles, although parliaments can be dissolved at short notice sooner than that (Italy is a famous example). Countries with party lists make personal lobbying less useful. Two-party systems make lobbying more effective.

ISTM the US really is the worst possible case of all the options.

> Anti trust laws were a good idea, it is sad that they are not applied.

Anti-trust is one of the very few areas the EU Commission can act without influence from the member states. The problem is those cases take a *very* long time.

So.. is it revolution time? +1

Posted Mar 17, 2026 18:10 UTC (Tue) by rgmoore (✭ supporter ✭, #75) [Link]

Anti-trust is one of the very few areas the EU Commission can act without influence from the member states. The problem is those cases take a *very* long time.

It takes a long time to try to force a big company to split up, but it's easier to keep it from getting too big in the first place. Facebook/Meta didn't get where it is purely through organic growth; it bought up a lot of competitors like Instagram and WhatsApp along the way. Most of those purchases required regulatory approval. If regulators had done their job and blocked those acquisitions as anti-competitive, Meta probably wouldn't have monopoly power today. The same thing is true of most of the nastiest tech monopolists; regulators gave approval for all kinds of buyouts that never should have been approved.

So.. is it revolution time? +1

Posted Mar 17, 2026 18:17 UTC (Tue) by bobolopolis (subscriber, #119051) [Link] (1 responses)

> The US is unusually susceptible though, with very short (2 year) fixed election cycles, which means candidates are in a permanent state of reelection.

Members of the House of Representatives have two year terms, but others are longer. The president has a four year term (limited to two terms) and the Senate has six year terms. The terms in the Senate are offset so that every two years, 1/3 of the Senate is up for reelection.

So.. is it revolution time? +1

Posted Mar 17, 2026 20:20 UTC (Tue) by rgmoore (✭ supporter ✭, #75) [Link]

I think the really big thing with the American system is that there are no financial or time limits on campaigning. Many other countries limit explicit campaigning to a relatively short period before the election, which is easier when elections can be called on short notice. And as far as I can tell, the US is the only country that lets politicians spend as much money campaigning as they can get their hands on and lets third parties who have already reached their contribution limits spend money independently of the campaigns. The combination of those things makes American elections especially vulnerable to big money influence.

So.. is it revolution time? +1

Posted Mar 17, 2026 21:42 UTC (Tue) by rgmoore (✭ supporter ✭, #75) [Link] (3 responses)

CEO are not democratically chosen , and only one man at the head of 1T$ company is a very bad thing.

Yes and no. Corporations typically have elections, so the board of directors and CEO have some level of accountability to the shareholders. If they destroy profitability, get in trouble with the law, or just decide to branch out into an area the shareholders think is stupid, they can be removed and replaced with someone the shareholders trust more. It's unusual for a board or CEO to lose that confidence, but it does happen. It's very likely that the threat of being thrown out is enough to keep people from going completely rogue. They have some idea of what they can and can't get away with, so they avoid going too far and triggering shareholder reactions.

What's really dangerous with some of the tech companies is that they've bypassed those normal rules. They have a special class of stock given only to their "founder figure" that gives that person many times the normal voting power, but which reverts to being ordinary stock if they ever sell it. The net result is that the long-term boss has no accountability. Their special shares let them outvote the rest of the shareholders and maintain dictatorial powers regardless of how much they mess up and make the other shareholders want to depose them.

So.. is it revolution time? +1

Posted Mar 18, 2026 15:43 UTC (Wed) by raven667 (subscriber, #5198) [Link]

Bit of a side tangent; I like the idea that corporations have some democratic flavored control and feedback mechanisms, but right now the only stakeholders represented are the capitalists which are not the only or most important people affected by the actions of company executives, aside from legislating out of existence magic forms of stock that preference one capitalist over another, I think that the workers should be in a union and that should have equal representation to the shareholders on the board, in addition I think that government regulators who inherit their authority from the whole population should also have seats on the board, rather than operating outside the defined corporate structure. Then you can get proper feedback and negotiation of priorities by _all_ the people affected, and ideally the board and executives can be held accountable for making better and less shortsighted, single-minded decisions.

So.. is it revolution time? +1

Posted Mar 19, 2026 1:06 UTC (Thu) by davecb (subscriber, #1574) [Link] (1 responses)

It's slightly worse with corporations. The rule is basically "one dollar, one vote" (I'm using a share price of $1.00). This is more than a little different of how governments work.

So.. is it revolution time? +1

Posted Mar 19, 2026 8:20 UTC (Thu) by Wol (subscriber, #4433) [Link]

The other massive problem is pension funds!

So much money now is force-funneled into funds, where you may have thousands of peoples' "vote" exercised by a fund manager, who has a completely different set of priorities. Worse still, those priorities may be grounded in legislation that means he has no choice but to vote against the people whose funds he is managing...

Classic example - does a pension fund (I'm assuming corporate, but again those have been pretty much driven out of existence by legislation) give a bit of help to the company to help keep the fund members in work, or does it vote to liquidate the company to preserve capital, and throw all its members out of work? That's admittedly an extreme example, but at present we're far too close to the "throw the members out of work" end of the scale.

Cheers,
Wol

One (alas not so) simple answer : boycott

Posted Mar 16, 2026 23:42 UTC (Mon) by Alterego (guest, #55989) [Link] (2 responses)

Each one of us can do a simple thing : bocott and leave all gafam
Each FB account gave 100$ to Mr Mark Z, and a value of near 1000$ to Meta, while there are accounts in it.
When the number will decrease, the stock price will follow and the bublle will burst.

One (alas not so) simple answer : boycott

Posted Mar 17, 2026 1:47 UTC (Tue) by higuita (guest, #32245) [Link] (1 responses)

And that mean deleting your facebook account(s), but also your family and friends, break the cycle by creating a new delete cycle.
Also mean stop using and deleting instagram, whatsapp, threads, messenger... and dump Meta Quest VR (ie: Oculus) and Horizon worlds (if anyone even used that).

Notice how Meta control 3 chat solutions, clearly it is a gold mine for them

One (alas not so) simple answer : boycott

Posted Mar 17, 2026 2:03 UTC (Tue) by dskoll (subscriber, #1630) [Link]

I have done all of that. No Facebook, no Instagram, no Whatsapp, nothing from Meta.