Pavel Durov, founder of Telegram and a prominent figure in the crypto sector with close ties to the TON network, warned that the European Union’s new age-verification app could be used to justify broader tracking of social media users after a cybersecurity report said the system could be bypassed in under two minutes.
The warning came after the European Commission presented the app as a privacy-preserving tool designed to allow users to prove they are old enough to access online platforms without disclosing additional personal information.
In a post on Telegram, Durov said the vulnerability should not be viewed as merely a technical problem, adding that the app’s design could allow authorities to first introduce a system marketed as privacy-friendly, then tighten controls after security failures, ultimately turning it into what he described as a surveillance mechanism.
His comments followed a report by Cybernews, which cited security consultant Paul Moore as saying he had bypassed the app’s protections in less than two minutes.
According to the report, the app stored certain controls locally, allowing a user to reset a PIN, clear rate-limiting counters, and disable biometric checks by altering configuration settings.
EU Digital ID Push Faces Backlash
The European Commission has said the app is intended to help platforms comply with child-protection rules while limiting the amount of personal data shared online. Brussels has also said the system is built to high privacy standards and is designed so that platforms cannot track users’ activity through the tool.
The age-verification system was first introduced as part of the EU’s broader digital identity plans and is expected to serve as an interim solution before the bloc rolls out its Digital Identity Wallet framework.
Durov, who has frequently criticized efforts to increase oversight of online communications, said the latest controversy could hand EU officials an excuse to expand data collection under the banner of security.
The dispute adds political weight to an already sensitive debate in Europe over how to balance child safety online with privacy protections and limits on state oversight.
New Apps, Old Privacy Concerns
Durov’s warning comes just weeks after the White House faced its own privacy backlash over a newly launched mobile app, offering a fresh example of how official digital tools can quickly draw scrutiny over data practices.
The White House app, unveiled on March 27 as a direct channel to the administration, was marketed as a simple platform for updates, livestreams, and public feedback. But it soon came under criticism from security researchers and privacy advocates over its use of third-party code, permissions, and broader questions about what user data could be exposed or shared.
While the White House said the app was designed to improve access and communication, the controversy underscored the broader concern raised by Durov that apps marketed as convenient or public-facing solutions can quickly fuel mistrust when privacy safeguards and security standards are challenged.
