Would you trust a monopolist with your porn viewing history? Thanks to the UK government’s new “porn block”, you might have to. These new rules, which require porn sites to verify their users’ ages, have led most to adopt a single service called AgeID. Today the Open Rights Group has highlighted that AgeID may become an age verification monopolist, with worrying consequences for users.

But a simple change to the open banking APIs could avoid this tendency towards monopoly and improve privacy, reducing some of the risks associated with the porn block – though it cannot eliminate them.

Online porn streaming is already a fairly concentrated market. MindGeek, the Canadian company that owns Pornhub, the most popular porn streaming site on the internet, also owns YouPorn and Redtube, and has a 70 per cent share of the overall porn streaming market. MindGeek also lobbied for the introduction of the government porn block and just so happens to own AgeID.

Online identity verification is a cumbersome process. Users who sign up are at risk of identity theft because they have to upload a photo of one or more identifying documents like their passport or a utility bill that proves that they are who they say they are. These usually have to be reviewed by a human, so the process takes some time as well. Alternatively, in the case of AgeID, people can buy a pass from a physical store like a newsagent, where the shopkeeper is supposed to check their ID.

MindGeek plans on letting other sites use AgeID as well as its own. Any of MindGeek’s rivals that do not use AgeID will have to get customers to sign up all over again to use their own identity verification service, which will put many would-be users off. For most, the path of least resistance may be to sign up to AgeID and not bother with an alternative.

All of this may lead porn users to stick with one service after they have signed up to it, and concentrate the market on AgeID, with substantial barriers to entry faced by any potential competitor.

The costs of this may be quite significant. There is a privacy risk, of course: any database can be hacked, and AgeID’s will be a tempting target for blackmailers who want to embarrass people by revealing the websites they have signed up to. MindGeek’s properties have a history of data breaches, including a leak of 800,000 paying users’ details in 2016 and the leak of one million YouPorn sex chat users’ details in 2012.

As the Open Rights Group says, AgeID may also end up tracking users more than it claims – MindGeek says it is keeping the company separate from the rest of its business, but nothing in law is stopping it from changing its mind in the future, and it may not be clear to users how much data it is gathering.

Without competition, AgeID may simply end up offering users a worse service than it otherwise could: clunkier, slower, more expensive or less secure. Or MindGeek could start to impose more difficult terms on its rivals, furthering its dominance of the porn streaming market.

One solution to this might be to take advantage of existing identity checks that users have done when they’ve signed up to their banks. Banks have to verify new customers’ identities by taking copies of their passport and utility bills, or video recordings of those customers and photos of their passports.

Modifications to open banking could allow bank customers to share data on their identity and their date of birth with third parties in a double-blind way that stops their bank from knowing the site they want to visit, or the site they’re visiting from knowing their identity.

In this case, an intermediary service could sit in between the user’s bank and the website, receiving a request for age verification from the website, checking it against the user’s bank, and confirming or denying to the website that the user was old enough to access the site.

AgeID could, of course, also be an intermediary of this kind, but in this scenario it would face more competition and have a stronger incentive to behave well. Easier identity verification would lower barriers to entry for rivals to AgeID, so users and non-MindGeek properties could more easily use alternatives that offered something better.

There would be less of a tendency towards a single player in the age verification space, and more scope for competition on the basis of security and privacy. The risks associated with mandatory age verification would not go away, but they would be reduced.

Reasonable people can disagree over whether the porn block is a good policy. But given that it seems to be on the way in, we should not be increasing the cost and risk to adults who choose to use porn sites. They deserve the choice and privacy that a monopolist will not give them.

Written by Sam Bowman

Policy and technology at Fingleton Associates.