Telegram founder Pavel Durov has cautioned that the European Union’s age verification app may eventually be used as a surveillance tool.
He claimed that EU officials are making it seem like a privacy-friendly method of child protection on the internet, yet the outcome is likely to be quite the opposite.
In a Telegram post on Friday, Durov pointed to comments from security consultant Paul Moore. Moore said the app could be hacked in “under two minutes” after he reviewed how it works.
In an X post on Thursday, Moore warned that the product could lead to a major data breach in the future. He also said the system could be fooled, meaning the age check might not stay properly linked to the real user or their device.
EU says age-check app protects children and preserves privacy
The European Commission says the new age-check app is part of its wider effort to make online platforms safer for children.
On April 14, European Commission President Ursula von der Leyen said the tool is technically ready and it would allow users to prove their age when accessing online services.
She explained the tool is designed to protect children against harmful or inappropriate online content when cyberbullying, addictive features of platforms, and increased screen time are growing in significance.
Leyen further stated that every one out of six children is bullied online, with one out of eight being bullies online.
The European Commission claims that the app will be compatible with phones, tablets, and computers. The users will be required to use a passport or national ID card to confirm their age.
Meanwhile, the system is created in such a way that it validates the age of a person without disclosing more personal information than is necessary.
The European Commission has defined the app as open-source, anonymous, and with high privacy protection. On its digital policy page, the Commission says users should be able to show they are above a certain age without sharing extra personal details.
It also says people’s online activity should not be tracked through the system. Moreover, Brussels explains that the app will be created to correspond with future European Union Digital Identity Wallets, which are set to be introduced by the end of the year.
Telegram founder flags design flaws
That official message is very different from Durov’s criticism.
Durov said the European Commission spent more than a year developing the app, but it was broken almost as soon as it was released. He said people should not treat this as a small embarrassment or just laugh at it.
In his view, the weakness may have been part of the design from the beginning. He argued that the app relied too much on the user’s own device, which he called a serious mistake. Therefore, he said, the system became easy to bypass.
He said, “Their age verification app was hackable by design — it trusted the device (that’s instant game over).”
Durov says security failures could lead to more monitoring
The Telegram founder explained what he thinks may happen next. First, officials introduce an app and say it protects privacy, even though it is easy to break.
Second, the app gets hacked, which he says has already happened. Third, authorities use that hack as a reason to remove privacy protections and add stronger monitoring.
He warned that the final result could be a surveillance tool presented as a safety measure.
Durov said this problem may not stop at age checks. He warned that, over time, such security issues could be used as a reason to expand identity checks across many online services in Europe.
Durov stated, “The EU bureaucrats needed an excuse to silently start turning their “privacy-respecting” age verification app into a surveillance mechanism over all Europeans using social media. Today’s “surprising hack” just handed this excuse to them.”
The Telegram founder ended his message with a warning for users to stay alert. The dispute also matters more broadly for the crypto and tech sectors, as digital identity systems are becoming a bigger part of internet regulation.
The issue of the extent to which governments, applications, and web-based systems might request personal data in the future is already of concern to many users. As a result, the debate over age verification goes beyond just one app or one launch.