Report: Yoti age-verification tool collects excess device data

A paper presented at the IEEE Symposium on Security and Privacy on May 18 finds that Yoti, the age verification software used by '60 percent' of websites and services requiring age checks, including PlayStation, Meta and TikTok, collects more private information than is strictly necessary to verify age.

'Papers, Please: A First Look at Age Verification on the Web,' by researchers at the Georgia Institute of Technology and the University of California, says Yoti gathers high-resolution device data during checks — OS version strings, available RAM, connection type and CPU architecture — information that does not appear necessary to estimate a user's age.

The paper warns that such uniquely identifiable data could allow unpermissioned tracking of a user's device. It also finds Yoti shares sensitive information with less user-visible fourth parties, including payment processor Stripe, which reportedly collects significant telemetry and scrapes the first-party website used for verification.

yoti, age verification, device data, os version, ram, cpu architecture, connection type, device tracking, stripe, tiktok