When one of the world’s largest adult platforms begins lobbying Apple, Google, and Microsoft to redesign online identity, the conversation reaches far beyond adult content. Aylo, the parent company of Pornhub, has launched a campaign urging the tech giants to take over a task that has increasingly fallen to websites themselves: verifying a user’s age before they can view explicit material.

Aylo’s proposal is straightforward on its surface. Instead of requiring every adult site, app, or platform to collect sensitive documents from users, the company wants age verification to happen once, at the device or operating system level.

After that, the device would send a simple yes-or-no signal to any site requesting confirmation. The company frames the idea as a way to reduce repetitive ID checks and limit the risk of data leaks.

But behind that framing sits a much larger question about who controls identity on the modern internet.

The push comes as age verification laws sweep across the United States and the United Kingdom, forcing adult sites to demand IDs, biometric scans, or third-party verification from users who want to access content. Many platforms have chosen to block traffic from states with strict laws instead of implementing verification systems. Pornhub’s decision to comply with Louisiana resulted in an 80 percent drop in viewership; the company saw a similar decline in the UK under the Online Safety Act.

Aylo argues that current site-level systems “are fundamentally flawed and counterproductive.” Every time a site requests a government ID, it expands the number of companies handling sensitive personal data. The company claims that centralizing age verification on the device would reduce those risks and streamline compliance.

The model Aylo proposes resembles other system-level “safety” features already built into phones and computers. Apple Wallet and Google Wallet can already store government IDs. Browser developers are integrating the Digital Credentials API. The infrastructure for a universal identity layer is already halfway built. Aylo simply wants age assurance hooked into it.

California has already adopted a version of this approach. The Digital Age Assurance Act, or AB 1043, requires operating systems to collect a user’s age or birth date during account creation and allows apps to request age signals at launch. In a conversation with the media, Pornhub vice president of brand and community Alex Kekesi called the law “interesting because it gets it almost exactly right.”

The benefits of device-based checks are clear at first glance. One-time verification reduces the risk of data leaks. Users don’t have to hand over IDs to dozens of unknown sites. And smaller developers who don’t have the resources to implement full identity tools could rely on the device instead.

But centralizing identity around operating systems also places enormous power in the hands of a few companies that already dominate the digital ecosystem.

A universal age flag built into iOS, Android, and Windows becomes another mechanism of control. Independent browsers, Linux distributions, and community-built tools may be forced to support government-linked identity systems simply to remain compatible with mainstream devices. The result could be a slow erosion of the open web in favor of tightly controlled platforms.

There are privacy concerns as well. A device-level ID system would create new opportunities for tracking. Once identity signals are tied to hardware, users have fewer ways to compartmentalize their activity. Platform vendors gain deeper visibility into browsing behavior, and the ability to throttle, restrict, or shape access based on identity becomes technically easier.

One challenge is the growing diversity of devices. Modern computing is no longer limited to phones and laptops. Smart TVs, gaming consoles, streaming boxes, car dashboards, and even household appliances run software stacks of varying maturity and security. Requiring these devices to participate in age checks would impose new engineering burdens on manufacturers who have never handled identity data at this scale.

Many devices receive irregular software updates; some never receive updates at all. A system-level ID requirement could create a fractured ecosystem where newer devices support strict verification but older ones either fail to enforce it or rely on weak, hastily added solutions. That inconsistency introduces new vulnerabilities and raises the risk of identity data being mishandled.

Aylo’s push comes as age verification laws reshape the adult industry. Pornhub has argued that the patchwork of state-level regulations has driven users toward unregulated platforms with no safeguards at all. According to Kekesi, “We have seen an exponential surge in searches for alternate adult sites without age restrictions or safety standards.”

Industry advocates say this mirrors a pattern seen during Prohibition: users migrate toward platforms with fewer rules, often hosted overseas, where illegal content is more prevalent. Mike Stabile of the Free Speech Coalition argues that these laws have “been great for criminals, terrible for the legal adult industry.”

Both Pornhub and industry groups say they support keeping minors off adult sites. Their dispute is not about the goal, but the method.

Google said it is committed to child safety and pointed to its Credential Manager API as an example of new age assurance tools for websites. But it noted that adult entertainment platforms will always need to meet stricter requirements due to legal obligations.

Microsoft declined to comment directly, instead referring to a recent policy statement arguing that age assurance should occur at the service level and target specific risk features, not be universally applied.

Apple also declined direct comment, noting that web content filters are enabled by default for users under 18. The company’s existing tools require children under 13 to have supervised accounts, but Apple currently has no way to require every website to integrate an age verification API.

Beyond the adult sector, age verification laws are beginning to hit gaming, social media, and everyday online services. In Australia, a new law will soon remove anyone under 16 from Facebook, Instagram, and Threads.

In the United States, these bills have been heavily backed by faith-based groups opposed to legal adult content, as well as third-party verification companies that stand to profit from widespread ID requirements. Critics warn that the political push for “safety” often masks a broader goal of reshaping the internet around identity-first infrastructure.

Aylo argues that its proposal provides a path toward balancing child safety with user privacy. “Every phone, tablet, or computer should start as a kid-safe device,” Kekesi said. “Only verified adults should unlock access to things like dating apps, gambling, or adult content.”

Supporters of the California model believe it could become a nationwide template.

“We obviously see that there’s kind of a path forward here,” Kekesi said.

Whether that path leads to a safer internet or a more centralized, less open one may depend on who ultimately gets to build the identity layer that Aylo now wants operating systems to control.