San Jose, CA – A high school student’s classroom experiment has revealed potential vulnerabilities in widely used online age verification tools after he successfully bypassed multiple systems using simple disguise techniques, raising fresh questions about the reliability of safeguards designed to keep minors off adult websites.
The 15-year-old student, who requested anonymity due to his age, said the project began as part of an advanced applied computer science course focused on real-world testing of digital systems. His goal was to evaluate how well facial age estimation software could detect and prevent underage users from accessing restricted content.
“I wanted to see how these systems actually perform outside of ideal conditions,” he said. “So I tried different variables, and one of the simplest was just adding a fake Santa beard.”
According to the student, the results were striking. Testing across several commercially available platforms, including a prominent age verification system known as AgeGuard AI, he reported successfully bypassing age verification checks approximately 70 percent of the time when using the disguise.
“It wasn’t just one site,” he said. “I tested multiple systems, and in most cases, it worked. Sometimes lighting or angles mattered, but overall it was surprisingly easy.”
The systems he evaluated rely on artificial intelligence to estimate a user’s age based on facial features, skin texture, and bone structure, often marketed as a privacy-conscious alternative to requiring government-issued identification.
As part of the project, the student said he also explored other low-tech methods to influence results. These included drawing on subtle age indicators such as crow’s feet and age spots, adjusting lighting to create harsher facial shadows, and experimenting with camera angles to emphasize more mature facial structure. He said these techniques further improved his success rate in certain cases.
Industry insiders say the findings, while concerning, are not entirely unexpected.
“This technology was never truly foolproof, despite how it may be presented,” said one employee at a company that develops age verification software. “It performs well under standard conditions, but introduce variables like costumes or obstructions, and accuracy can drop off.”
The student’s parent said they were initially unaware of the scope of the project but came away unsettled after reviewing the results.
“You hear about these protections and assume they are pretty solid,” the parent said. “But if a teenager can get around them with something from a holiday costume bin, that is a problem.”
Experts in digital identity and online safety say the experiment highlights a known tension between usability, privacy, and effectiveness.
“Facial age estimation is inherently probabilistic,” said Dr. Karen Ellison, a researcher in online safety systems. “Teenagers exist in a gray zone where small changes in appearance can push them across perceived age thresholds. Add artificial elements like facial hair or makeup, and you can meaningfully influence the outcome.”
The findings are already being cited by proponents of stricter age-restriction enforcement, who argue that current safeguards do not go far enough. Several advocacy groups and industry coalitions have been lobbying lawmakers to adopt more rigorous verification standards, including requirements for users to upload government-issued identification, submit to database cross-checks, or verify age through financial instruments such as credit cards or banking credentials.
Supporters of these measures say stronger systems are necessary to meaningfully prevent underage access.
“If the goal is to actually keep minors out, then friction has to increase,” said one policy advocate affiliated with a digital safety nonprofit. “Facial estimation alone is not enough. You need layered verification that ties a user to real-world identity.”
However, critics warn that such approaches could introduce significant privacy risks, including data breaches, identity theft, and the creation of large repositories of sensitive personal information tied to browsing habits.
“There is a tradeoff here,” said Ellison. “The more accurate and enforceable you make these systems, the more personal data you require. That raises serious questions about how that data is stored, who has access to it, and how it might be misused.”
Companies behind these systems acknowledge the limitations and say improvements are ongoing.
“No age assurance method is perfect, and adversarial testing is an important part of strengthening these tools,” said a spokesperson for a major verification provider. “We are continuously refining our models to better detect spoofing attempts and reduce error rates.”
The student said he documented his methodology and results as part of his coursework, emphasizing that the project was intended to analyze system performance rather than exploit it.
“This was about understanding the technology, not abusing it,” he said. “If anything, it shows there is still work to be done.”
Truth Bureau 