Privacy

• Spotify is now asking UK users to prove their age to access mature content
• The age verification checks have been introduced as part of the UK's Online Safety Act
• Spotify says it will present age checks if it suspects you're under 13, but many users have encountered checks despite being over 18

Spotify has become the latest app to introduce measures designed to comply with the UK's Online Safety Act, by asking users to undergo age verification checks if they want to view or listen to age-restricted content – and many users aren't happy.

The age verification requirements of the Online Safety Act came into effect from July 25, and requires all platforms that display adult content to verify that users are over 18 using age verification checks.

So far, we've seen the likes of Xbox, Discord and Reddit introduce age verification, and now Spotify has done the same.

Latest Videos From TechRadar

Like Reddit and X, Spotify has partnered with digital identification firm Yoti, a service that conducts age checks via facial scanning. For Spotify users, Yoti will use different means of age verification, from facial scanning to requesting a scan of your ID if it suspects you’re under 13 (Spotify’s minimum age requirement).

It will also use algorithmic methods to estimate a user’s age. But Spotify is taking it a step further, stating in its official outline that "your account will be deactivated and eventually deleted" if you fail to complete the age verification process.

While Yoti claims that your data will be kept safe, and eventually deleted, the new requirement has caused uproar among some Spotify users.

Some have take to forums such as Reddit to point that young people are clever enough to find ways around the checks, for example using a VPN to change their location to somewhere other than the UK – and a minority have even threatened to revert to piracy (see below).
What is ‘mature content’ in Spotify?

A phone on a green background showing a Peaches album on Spotify
(Image credit: Spotify)

This is the burning question among Spotify fans, considering the music streaming app doesn't host X-rated content on the same scale as Reddit or X. However, the platform does have certain features that are aimed at mature users.

In Spotify's case, you may be asked to verify your age if you try to "access some Spotify content and features, like Music videos that are labeled as 18+ by rightsholders". This could also apply to podcasts that discuss mature content and songs with explicit lyrics.

Fortunately, there is a way back if your account becomes deactivated due to an inaccurate age estimation. According to Spotify, you'll get an email that "allows you to reactivate your account within 90 days of deactivation", after which you'll need to go through age verification checks again.

So far, I haven’t been asked to verify my age in the Spotify app when trying to access mature podcasts and music videos, but a handful of users on forums like Reddit who are well over the age of 18 have have already encountered the checks.
Why have VPNs become so popular?

Spotify has explained in various community posts that it isn't designed to work with VPNs, and you naturally shouldn't use one to circumvent any age verification checks.

However, this hasn't stopped free VPNs from dominating Apple's UK App Store, as internet users look to find ways of protecting their data from future breaches, or perhaps even bypass those checks completely.

VPNs work by encrypting your internet traffic, but they're not all equal – so it's important to choose the right one for your needs. Free VPNs can log an excessive amount of data, which could ultimately put your privacy at risk, and sometimes lack important security features.

I'm looking at self-hosting SearXNG. I have an old Win 11 machine and figure this might be the only way it can be useful.

Two questions I haven't seen answered so far:

1. I would be hosting on my own home network, which is on a VPN 24/7, but for added privacy my devices are sometimes on VPN connections to other IPs. So I need to know the external IP of the instance to be able to find it. Are there any added measures I should put in place to prevent randoms looking at IPs or port scanning from finding the instance and going to town?

2. If this is on my home network anyway, are there any risks of data leaking or triangulation of, say, referrals or image searches that would just point back to my home network?

My threat model is for big tech to leave me alone, so it's not exactly huge stakes, but I also don't want to bother self-hosting if added complexity makes it not worth it.

https://deflock.me/

The High Court of Justice in London has dismissed a legal challenge presented by the Wikimedia Foundation in regards to the UK’s Online Safety Act (OSA) Categorization Regulations. This decision by the court means that Wikipedia doesn’t have the immediate legal protections that it had hoped for.

The Wikimedia Foundation’s challenge targeted regulations that risk imposing the OSA’s most stringent obligation (Category 1 duties) on Wikipedia. This case was notable as it was the first legal challenge against the OSA’s Categorization Regulations; however, the dismissal is a significant setback for the foundation’s proactive legal strategy.

EU parliament accepted a last minute amendment, mandating age verification for pornographic (whatever that is) content online, punishable with up to one year prison sentence.

This was rolled into a directive concerning CSAM. Because adults accessing porn need to be de-anonymised to avoid child exploitation?

Some press releases: (1), (2), (3)

(Above link with skipped Paywall)

Summary by Andi:

A teenage hacker named Reynaldo Vasquez-Garcia discovered that the Halo 3C vape detector, which looks like a standard smoke detector in school bathrooms, contained hidden microphones and security flaws that allowed it to be turned into a secret listening device[^1].

Working with another hacker known as "Nyx," Vasquez-Garcia found the device could be hacked by exploiting weak password controls and firmware update vulnerabilities. Once compromised, attackers could use it to eavesdrop on conversations in real-time, disable its detection capabilities, create fake alerts, or play audio through its speaker[^1].

The researchers revealed these findings at the 2025 Defcon hacker conference, demonstrating how any hacker on the same network could hijack a Halo 3C by brute-forcing passwords at 3,000 attempts per minute. The device's firmware could also be modified since its encryption key was publicly available in updates on the manufacturer's website[^1].

Motorola, which owns the Halo 3C's manufacturer IPVideo Corporation, said it developed a firmware update to address the security flaws. However, the researchers argue this doesn't solve the fundamental privacy concern of having microphone-equipped devices installed in sensitive locations like school bathrooms and public housing[^1].

[^1]: Wired - It Looks Like a School Bathroom Smoke Detector. A Teen Hacker Showed It Could Be an Audio Bug

Archive : https://archive.is/7I7mK