Durov Raises Alarm: EU's Age Verification Tool May Open Door to Mass Surveillance
Pavel Durov, CEO of Telegram, referenced reports that the European Union's latest age verification application was compromised within minutes, cautioning it may pave the way for expanded digital identity surveillance.
On Friday, Pavel Durov, the chief executive of Telegram, issued a warning that the European Union's recently developed age-verification application may serve as a gateway to more extensive online identity surveillance systems, coming just days after the European Commission announced the technology was prepared for deployment.
Through a Friday post on Telegram, Durov referenced the findings of Paul Moore, a security consultant who asserted the application can be compromised in "under two minutes" following his technical examination of its architecture.
This product will be the catalyst for an enormous breach at some point
Paul Moore, security consultant
In a Thursday post on X, Moore elaborated that the system is vulnerable to manipulation, allowing the age verification process to be decoupled from the legitimate user or their hardware device.
According to Durov, the security vulnerabilities extend far beyond simple age verification and could eventually be leveraged to support more comprehensive identity verification requirements throughout European online platforms.
The backlash highlights an ongoing controversy surrounding the implementation of age verification mechanisms in digital platforms, as regulatory bodies across various jurisdictions advance comparable frameworks, triggering anxiety about security vulnerabilities and digital identity systems.
In July 2025, the European Commission unveiled the initial iteration of its age-verification framework, intended to enable users to demonstrate they have reached the age of 18 without surrendering additional personal details.
Developed as an open-source initiative, the age verification system was engineered to maintain user privacy while supporting future compatibility with European Digital Identity Wallets.
On Tuesday, in an official statement, Ursula von der Leyen, President of the European Commission, declared that the EU's age verification application is "technically ready," characterizing the platform as "completely anonymous" and asserting users have the ability to confirm their age without exposing personal information or being subject to monitoring.
Nevertheless, following reports from researchers indicating the system can be circumvented within minutes, questions remain about whether its commitments to privacy and security will withstand practical implementation.
In Durov's assessment, the application is "hackable by design," implying it was constructed in a manner that renders it vulnerable to exploitation in actual usage, which he contends could subsequently be leveraged to rationalize more stringent identity verification requirements.
The EU bureaucrats needed an excuse to silently start turning their 'privacy-respecting' age verification app into a surveillance mechanism over all Europeans using social media
Pavel Durov, Telegram CEO
Durov has positioned himself as a prominent champion of free expression and digital privacy rights. Currently, he faces ongoing judicial scrutiny in France concerning accusations related to illicit activities enabled via Telegram, encompassing organized crime, fraudulent schemes and the platform's purported refusal to collaborate with law enforcement agencies.