I am ideologically firmly opposed to age verification systems, especially those that claim to protect children by violating the privacy of adults. I refuse to support such mechanisms because this is a disproportionate response that creates more harm than it prevents.
To this end, I will publish, and continue publishing, every possible workaround that exists, allowing users to bypass these checks. On Twitter, as well as any other website that dares to violate everyone’s privacy by requiring them to violate their own anonymity.
Special guest: Socram
Socram developed a user script that allows users to bypass Twitter’s age verification mechanism.
How the script Works
The userscript employs a clever technique to bypass X/Twitter’s age verification modal. Here’s the technical breakdown:
XMLHttpRequest Interception: The script hooks into the browser’s XMLHttpRequest system by overriding the
sendmethod. This allows it to intercept all HTTP requests made by the Twitter web application.Response Modification: When Twitter’s servers send back a JSON response, the script checks if it contains age verification data. Specifically, it looks for responses that would trigger the age verification modal.
Field Renaming: The bypass works by performing a simple but effective modification - it renames the JSON field
"interstitial_action"to"interstitial_action_"(adding an underscore). This is done using a string replacement:1responseText.replaceAll('"interstitial_action":"', '"interstitial_action_":"')Client-Side Confusion: When Twitter’s JavaScript code looks for the
interstitial_actionfield to determine whether to show the age verification modal, it can’t find it (because it’s been renamed). Without this field, the age verification flow never initiates, and users can continue browsing normally.
The elegance of this solution lies in its simplicity - rather than trying to fake verification or break complex cryptographic checks, it simply prevents the verification prompt from ever appearing by making a tiny modification to the response data before Twitter’s code processes it.
This approach works because the age verification check happens entirely on the client side, making it vulnerable to this type of manipulation. A more robust implementation would require server-side enforcement, but that would require Twitter to fundamentally change how content is served to unverified users.
Why I oppose age verification
Now, it is true that websites offering pornographic content to children are in breach of the law; however, I don’t believe these age verification mechanisms are proportionate. First, because children who want to access pornography will find a way, and second, because websites that are already distributing illegal pornography are obviously not going to comply with age verification checks, which means children might be exposed to the most horrible and harmful forms of pornography.
Historical precedent: When prohibition backfires
History offers clear lessons about age-based restrictions backfiring. America’s Prohibition era (1920-1933) didn’t stop alcohol consumption - it drove it underground, creating a more dangerous environment. Speakeasies didn’t check IDs, bootleggers sold poisonous moonshine, and organised crime flourished. Youth drinking actually increased.
The same pattern repeats with digital age verification:
Pushing activity underground: Compliant sites lose users to unregulated, offshore platforms - exactly where we don’t want children going.
Creating new dangers: Just as Prohibition replaced regulated beer with dangerous bathtub gin, age verification pushes users from mainstream platforms to sketchy alternatives with zero moderation.
Teaching circumvention: When everyday activities require bypassing restrictions, we normalise breaking security systems. Today’s fake IDs are tomorrow’s identity theft.
The lesson is simple: prohibition doesn’t eliminate demand, it just makes supply more dangerous. Age verification creates the very risks it claims to prevent while building surveillance infrastructure that threatens everyone’s privacy.
Protecting children
John Jonik made this in the early 2000s, and it seems little has changed since then.
The Internet is a dangerous place, but the reality is that making website owners liable for “Protecting Children” (for a given definition of protecting children) is setting a very dangerous precedent, and a slippery slope by which parents are completely excused for the behaviours of their children, including accessing illegal content online.
Why aren’t parents, or even the children themselves, liable for the kind of content they access online?
EFF also outlines how blocking harmful content does not protect children [archived version].
The normalisation of violating privacy online
This is, in my view, the worst part of this. It’s not just violating the privacy of adults, but also normalising the fact that anyone over the Internet can ask you for a copy of your government ID, and store it who knows where, for how long, and under what security measures. This happened recently, too: BBC: Hackers steal images from women’s dating safety app that vets men [archived version].
You can change your password, but not your face or ID. It takes a single data breach for your private information to be permanently exposed to criminals, offering them ways to perform identity fraud, and worse.
And this is also fundamentally different from a bouncer asking you for your ID: The bouncer can take a look at your ID, and then hand it back, allowing you to enter, or denying you access. But they would never take a picture or scan your ID, and store it indefinitely, which is exactly what we are doing with these age checks.
Conclusion
Age verification systems are merely security theatre that violates everyone’s privacy while failing to protect the very children they claim to shield. That’s why I’ll continue to publish every workaround and bypass method I discover, starting with Socram’s script above. If you know of other bypasses for age verification systems - whether for Twitter or any other platform - feel free to contact me on my social links; together we can preserve everyone’s safety online against this disproportionate overreach.