As the new school year kicks off in August 2025, families across the United States are confronting a digital landscape that’s more complex—and potentially perilous—than ever before. With children increasingly relying on the internet for both learning and leisure, the question of how to balance online safety, privacy, and regulatory compliance has become a front-burner issue for parents, educators, and technology companies alike.
According to the Better Business Bureau’s (BBB) 2024 Scam Tracker Risk Report, 22.9% of surveyed adults have children under 18, and a striking 9.7% of those reported their children had been targeted by scams. Nearly half of these scams began online, with fraudsters leveraging social media, phone calls, text messages, gaming platforms, email, and phone apps to reach their young targets. As Don O’Brien, regional director for the Quincy Better Business Bureau, put it, "Adults aren’t the only ones who can be targeted by a scam online."
Children’s online activities—from submitting schoolwork to playing games with friends—provide ample opportunities for scammers to exploit inexperience and curiosity. Common pitfalls include phishing links, suspicious mobile apps, and free downloads that can conceal malware or viruses. O’Brien and the BBB emphasize that teaching children to “share with care” is essential, as anything posted online can last a lifetime and personal information can be used to guess account logins or passwords.
Parents are advised to model good online habits, monitor their children’s internet usage, and consider using parental controls. The BBB also recommends learning privacy terms together—such as cookies, third party, and monetization—to help kids understand how their data might be used. Additionally, families are encouraged to consult resources like the Family Online Safety Institute’s Good Digital Parenting portal, the Children’s Online Privacy Protection Act (COPPA), and the Children’s Advertising Review Unit (CARU) for guidance on protecting young internet users.
But just as families work to safeguard their children’s digital lives, a new wave of regulatory requirements is reshaping the internet for everyone. Age verification mandates, designed to protect minors from inappropriate content, are proliferating across the globe. The United Kingdom’s Online Safety Act and similar laws in U.S. states such as Florida, South Carolina, and Tennessee now require users to prove their age—often by submitting government identification or undergoing facial recognition—before accessing certain online services.
This regulatory push has triggered a flurry of technical innovation and controversy. On August 16, 2025, DNS provider NextDNS announced the launch of its "Bypass Age Verification" feature, a tool designed to circumvent mandatory age checks without requiring users to hand over sensitive identification documents to third-party websites. NextDNS explained its motivation bluntly in a post on Hacker News: "We think that’s a terrible idea: handing over government documents to random sites is a huge privacy risk."
The feature, which became instantly available to all NextDNS users—including those on free accounts—relies on DNS-level geographic spoofing. When a user attempts to access a site with age verification requirements, NextDNS reroutes the DNS request through proxy servers in countries without such rules. From the website’s perspective, the traffic appears to originate from a different jurisdiction, effectively sidestepping the age check. This approach is distinct from traditional VPNs, which reroute all internet traffic; NextDNS operates solely at the DNS resolution level, resolving domain names and implementing redirection only when necessary.
The timing of NextDNS’s release is no coincidence. The company’s move comes amid a surge in VPN registrations reported by Proton following the rollout of age verification laws in various U.S. states. Meanwhile, major platforms have responded in divergent ways. X (formerly Twitter) now places its age verification system behind a premium paywall, requiring users to submit government ID or use facial recognition technology through third-party processors like Au10tix, Persona, and Stripe. Google, on the other hand, has begun using machine learning to estimate user ages for ad protections, eschewing explicit verification for all users.
European authorities are also tightening the screws. On February 11, 2025, the European Data Protection Board issued Statement 1/2025, outlining strict data protection principles for digital service age verification. The EU plans to roll out a comprehensive Digital Identity Wallet in 2026, aiming to enable privacy-preserving age checks through selective disclosure of credentials.
The rapid expansion of age verification requirements has profound implications—not just for families and individual users, but for the entire digital advertising ecosystem. Marketers must now grapple with segmented user bases, as verified users provide more reliable demographic data but overall reach may shrink due to verification barriers. The integration of age checks with subscription models, as seen with X, signals a fundamental shift in how platforms monetize and manage their audiences.
NextDNS’s new feature has been met with mixed reviews. According to community feedback on Reddit, the system successfully bypasses verification on some websites, but remains ineffective for platforms like Twitter and Reddit. The company acknowledges the feature is in beta and expects to expand its coverage over time. Technical limitations persist—YouTube’s age-restricted content, for example, still requires account authentication, which DNS-level tricks can’t bypass.
Privacy advocates largely support DNS-level solutions, seeing them as a bulwark against the "privacy nightmare" of uploading government documents to unknown entities. However, regulatory authorities are taking notice. According to BBC reporting, UK regulator Ofcom has warned that platforms must not "host, share or permit content that encourages use of VPNs to get around age checks," and government officials confirm that such promotion is illegal under current regulations. The same scrutiny could soon extend to DNS-level bypasses like that offered by NextDNS.
NextDNS, for its part, touts its broader suite of privacy and security features. The company operates 132 server locations worldwide, processing over 100 billion DNS queries each month and blocking 15 billion malicious or unwanted requests. Its platform includes malware and phishing protection, ad and tracker blocking, SafeSearch enforcement, YouTube Restricted Mode, and granular parental controls—capabilities that resonate with privacy-conscious families and enterprise users alike.
Industry figures have praised NextDNS’s approach. Leo Laporte, Chief TWiT and The Tech Guy, remarked, "I’m really impressed and I think it’s something people should pay attention to. I’ve put it on at home and on my phones and so far it works and it works imperceptibly and it absolutely will speed up your surfing." Google’s Vinicius Fortuna described the service as "Pi-hole on the cloud," highlighting its cloud-based blocking capabilities. Mozilla, too, has named NextDNS a trusted partner for delivering secure DNS services to Firefox users.
For families, the stakes are clear: teaching children about online safety and privacy is more important than ever, especially as regulatory and technical landscapes evolve. For technology providers and marketers, the challenge lies in navigating a patchwork of laws, user expectations, and technical workarounds—while ensuring that privacy and security remain paramount. The coming year promises further debate, innovation, and, undoubtedly, new twists in the ongoing struggle to balance child protection with digital freedom.
