news

Telegram CEO Pavel Durov Warns EU Age-Verification App Could Expand Into Online Tracking System

Nidhi Saini
Published: April 18, 2026
4 min read
Telegram CEO Pavel Durov Warns EU Age-Verification App Could Expand Into Online Tracking System

STAY UPDATED WITH COTI

Follow COTI across social media platforms to get the latest news, updates and community discussions.

X IconFollow on XTelegram IconJoin Telegram
Make us preferred on Google

Summary:

  • Pavel Durov warns the EU's age-verification app could evolve into broader identity tracking.
  • Security concerns surfaced after claims the system can be bypassed in minutes.
  • The European Commission says the app is "completely anonymous" and ready for rollout.
  • Debate grows over privacy, security, and the future of digital identity in Europe.

The debate around digital identity in Europe just took a sharper turn. Pavel Durov, the CEO of Telegram, has warned that the European Union's new age-verification app could go far beyond its stated purpose. In a recent Telegram post, Durov pointed to security concerns raised by independent researchers and argued that the system may eventually open the door to wider tracking across online services. His comments came just days after the European Commission said the app was technically ready for rollout. The trigger for the criticism was a technical analysis by security consultant Paul Moore, who claimed the app could be bypassed in under two minutes. 

According to Moore, the issue lies in how the app handles user authentication during setup. The system stores an encrypted PIN locally, but without properly linking it to the secure identity vault, making it possible for attackers to manipulate the process. Moore described a simple method where removing certain stored values could allow someone to bypass the PIN entirely. That, in theory, breaks the link between the user and the age verification process. Durov took that concern further. He argued that weaknesses :

"The "age verification app" the EU wants to impose on the world got hacked in 2 minutes. Step 1: Present a "privacy-respecting" but hackable solution. Step 2: Get hacked (you are here). Step 3: Remove privacy to "fix" it. Result: a surveillance tool sold as "privacy-respecting"."
Source

EU Pushes Privacy-First Design, But Questions Remain

From the EU's perspective, the project is designed with privacy at its core. The European Commission introduced the age-verification framework as a way to let users prove they are over 18 without sharing personal details. The system works by separating identity verification from usage. When a user signs up, their age is confirmed using official data, such as a date of birth. But when they use the app on websites or platforms, only a simple confirmation is shared - without not sharing the personal information. Officials say this approach reduces the risk of data exposure and prevents cross-service tracking. Each verification is designed to be used only once, and the service receiving the proof does not know where else it has been used. Ursula von der Leyen reinforced that message earlier this week, stating:

" It is for parents to raise their children. Not platforms. The European Age Verification App is ready"
Source

The goal is clear that Policymakers want to give users control while ensuring age-restricted content is properly enforced. It is part of a broader push toward digital identity tools that can work across borders and services. But critics argue that even well-designed systems can create new risks. If widely adopted, age verification could become a default requirement for accessing parts of the internet. Over time, that could shift expectations around anonymity online. Durov's broader point reflects that concern. In a follow-up comment, he suggested that incidents like this could be used to justify tighter controls later, gradually moving from optional verification to more comprehensive identity checks across platforms.

Privacy vs Control in the Digital Age

This discussion goes beyond one app. It touches a deeper tension that has been building for years that balances privacy with regulation in a digital world. On one side, governments are under pressure to protect users, especially minors, and to enforce rules around harmful content. Age verification tools are one way to address that. They offer a way to apply rules without relying entirely on platforms to self-regulate. On the other side, privacy advocates worry about the long-term impact. Even if a system starts with limited scope, it can expand. What begins as age verification could eventually link into broader identity systems, especially as digital wallets and cross-platform authentication become more common.

Durov has been a consistent voice in that conversation. As the head of Telegram, he has often positioned himself as a defender of user privacy and free speech. At the same time, he remains under investigation in France over allegations tied to illegal activity on the platform, including claims that Telegram has not fully cooperated with authorities. For now, the EU's age-verification app is still in its early stages. It has not yet been rolled out at scale, and its real-world performance remains to be tested.  

Related Topics

#Age-Verification App#EU Age Verification#Pavel Durov#Security#Privacy

About the Project

Crypto News

About the Author

Nidhi Saini

Nidhi Saini

Nidhi Saini is a writer and co-founder of CotiNews, with over four years of experience working in Web3 marketing. She brings a practitioner’s perspective to her writing, shaped by years spent understanding how blockchain products are positioned, communicated, and adopted. As a co-founder, she is also involved in shaping the platform’s editorial direction, ensuring the publication stays thoughtful, credible, and grounded.

View all articles

Disclaimer

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official stance of CotiNews or the COTI ecosystem. All content published on CotiNews is for informational and educational purposes only and should not be construed as financial, investment, legal, or technological advice. CotiNews is an independent publication and is not affiliated with coti.io, coti.foundation or its team. While we strive for accuracy, we do not guarantee the completeness or reliability of the information presented. Readers are strongly encouraged to do their own research (DYOR) before making any decisions based on the content provided. For corrections, feedback, or content takedown requests, please reach out to us at

contact@coti.news

Stay Ahead of the Chain

Subscribe to the CotiNews newsletter for weekly updates on COTI V2, ecosystem developments, builder insights, and deep dives into privacy tech and industry.
No spam. Just the alpha straight to your inbox.

We care about the protection of your data. Read our Privacy Policy.