Telegram CEO Durov warns EU age-verification app could enable wider tracking

Telegram CEO Pavel Durov warned Friday that the European Union’s new age-verification app could become a stepping stone toward broader online identity tracking, days after the European Commission said the system was technically ready for rollout.

In a Telegram post on Friday, Durov cited analysis from security consultant Paul Moore, who said the app is hackable in “under two minutes” after examining its technical design.

“This product will be the catalyst for an enormous breach at some point,” Moore said in an X post on Thursday, adding that the system could be tricked so the age check isn’t properly tied to the actual user or their device.

Durov argued that the security concerns went beyond age checks and could, over time, be used to justify broader identity verification across online services in Europe.

The criticism reflects a wider debate over how age verification is being built into online platforms, as regulators in multiple regions push similar systems, raising concerns over security and digital identity infrastructure.

System promoted as being “completely anonymous”

The European Commission released the first version of its age-verification blueprint in July 2025, with the aim of letting users prove they are over 18 without disclosing other personal information.

The age verification framework was developed as an open-source project designed to preserve privacy and support future interoperability with European Digital Identity Wallets.

In a statement on Tuesday, EC President Ursula von der Leyen said the EU’s age verification app is “technically ready,” describing the tool as “completely anonymous” and claiming users can prove their age without revealing personal data or being tracked.

However, after researchers said the system can be bypassed in minutes, it’s unclear whether its privacy and security promises will hold up in real use.

Related: Signal push notifications could present privacy vulnerability, says Durov

According to Durov, the app is “hackable by design,” suggesting it was built in a way that makes it easy to break in practice, which he argues could later be used to justify stronger identity checks.

“The EU bureaucrats needed an excuse to silently start turning their ‘privacy-respecting’ age verification app into a surveillance mechanism over all Europeans using social media,” the Telegram CEO said.

Durov has emerged as a major advocate of free speech and digital privacy. He remains under judicial investigation in France over allegations tied to illegal activity facilitated through Telegram, including organized crime, fraud and the platform’s alleged failure to cooperate with authorities.

Magazine: How crypto laws changed in 2025 — and how they’ll change in 2026