Save this storySave this storySave this storyYou're reading Infinite Scroll , a weekly column by Kyle Chayka about how technology shapes culture.
The Tea app is a digital platform for women to connect. Men are not allowed to participate. To become a member, applicants must provide proof, including a selfie, that they are female. Once registered, users are given access to men’s profiles with annotated information like background checks and dating reviews; men with questionable reputations are red-flagged. After its launch in 2023, the Tea app went largely unnoticed for two years. However, in July, thanks to TikTok and Instagram videos showing how the app helps identify suspicious individuals, it reportedly received over two million new user requests. It might have been just another startup success story if the app hadn’t suffered a data breach on July 25, in which selfies, ID photos, posts, and private messages from users began appearing on the anonymous forum 4chan. Tea was supposed to delete users’ documents after checking them, but the app apparently failed to do so. (The company claimed that all of the leaked material was years old, which is likely cold comfort to the victims of the leak.) A Gen Z internet privacy activist named May, who asked that her last name not be used, followed the leak and worried about the implications for women who thought they were communicating in a safe space. “People can see that you posted something about a guy,” May said. “Now he can attack you.” (Tea did not respond to requests for comment.)
Tea’s data breach symbolises the dangers that arise when we link our real-life identities to our online activities. Yet linking identity to digital access is precisely what is being mandated by a new wave of laws coming into force around the world, with bills pending in the US. On the same day that Tea’s data breach was discovered, the Online Safety Act (OSA) came into force in the UK. The law requires online platforms to implement age verification to prevent underage users from accessing “harmful or inappropriate content” such as pornography and material that may promote eating disorders, bullying, hatred or substance abuse. While such laws theoretically protect minors, in practice they affect users’ entire online experience. Ultimately, to determine who is a child online, sites must also determine who is not. Adults in the UK now have to upload ID photos with their birth dates or pass other tests — like facial recognition (like a selfie), bank account verification, or credit card verification — to be able to watch certain music videos on Spotify or create new social media accounts without restrictions. Eric Goldman, an associate dean at Santa Clara University School of Law who has studied online age verification, told me that these changes could destroy what’s left of the open internet, which was built on free access to almost any content. “We’re seeing the internet as we know it being destroyed in real time,” he added.
It’s up to publishers to enforce these rules and define what counts as “harmful.” Reddit has been particularly proactive in enforcing the OSA in the UK, requiring age verification to access subforums covering topics like Alcoholics Anonymous, medical marijuana, and menstruation. Discord requires UK users to verify their age if they want to make moderation changes, such as turning off message requests. X, Grindr, and Bluesky are also implementing various forms of verification. Users, in turn, are developing ways to bypass these barriers without revealing their identities. Virtual private networks (VPNs) can make it appear as if someone is accessing the internet from another country; one VPN provider reported an 18 percent increase in daily UK sign-ups after the introduction of OSA rules requiring age verification. Some people use AI-generated images or screenshots from video games to fake their identities.
Shoshana Weissman, the director of digital media at the R Street Institute, a libertarian-leaning think tank, told me that these rules might seem, at first glance, analogous to those at a liquor store or nightclub, where patrons are required to show identification—just another small thing we take for granted. But a retailer’s view of an ID is very different from a website that stores personal data or tracks users’ activities. As the Tea leak showed, any age-verification system that stores user data is vulnerable and could threaten users’ privacy. In short, the new security laws are eroding the relative anonymity we’ve come to expect online, even as social media has blurred the lines between our physical and digital lives. Some users may certainly decide that their privacy isn’t worth sacrificing in order to access online material, which means fewer people who might benefit from a supposedly private space like Alcoholics Anonymous will end up accessing it. As Goldman put it, “Age authentication requirements are narrowing
Sourse: newyorker.com
