Sorting through scam messages. Waiting on hold with your insurance provider. Annoyances like these drain our time and even our bank accounts.

In a new report published by Groundwork Collaborative, economists took a stab at calculating just how much consumers pay in time, fees, and irritation to navigate the economy.

“So I think it’s just the tip of the iceberg,” said Neal Mahoney, a professor of economics at Stanford University and the co-author of a new report on the annoyance economy. “But what we tried to do in the piece is taught up how much time and money we are spending on health insurance paperwork, dealing with spam calls and text messages, waiting on hold for customer service … and we got to was $165 billion.”

Mahoney spoke with “Marketplace” host Kai Ryssdal about this report.

As governments push stricter online child safety rules, digital rights advocates warn about the risks of collecting IDs and facial data.

A landmark trial against Meta and YouTube is underway, as the companies face claims that their platforms harm children’s mental health.

This comes as lawmakers around the world are advancing new child safety laws — including age-verification requirements that could require users to upload a government ID or submit facial scans to confirm their age. But some digital rights advocates warn that efforts to make the internet safer for children could introduce new privacy risks, especially if sensitive personal data is collected or stored by third-party vendors.

Marketplace’s David Brancaccio spoke with Kian Vesteinsson, senior researcher at Freedom House — a nonprofit focused on democracy and human rights — for more on the tension between child safety legislation and online privacy. The following is an edited transcript of their conversation.

David Brancaccio: Age verification for what we get access to online — I mean, to keep younger people away from harmful or age-inappropriate content — you’re not against that in itself?

Kian Vesteinsson: That’s right. Protecting children from the worst of the internet is a pressing policy aim. There’s plenty of evidence that children using social media platforms can face real harms. But the important thing here is that online anonymity has long been a key enabler for free expression, free speech, and access to online information, and we need to make sure that we protect it.

Brancaccio: And you have specific concerns about if we are asked to verify our age before getting access to certain content, what are people doing with the ID that we present?

Vesteinsson: So it might be helpful to take a step back, because there are a couple of different ways that companies go about doing this. When a platform has a lot of data about a user, it is possible to forecast their age based on their online activities. This is usually called “age inference,” and it tends to require really sophisticated machine learning tools.

For example, you know, my YouTube history has been live videos of Prince guitar solos and instructions on how to make the best chicken stock. That’s a pretty good signal that I’m an adult. My account has been active for around 20 years on YouTube; that’s another great signal that I’m an adult. But this sort of inference isn’t always possible, so in those circumstances, companies need to check someone’s age by guessing using analysis of their facial features — like their facial hair, for example, or wrinkles — or by scanning a government-issued identification card. And it’s at this stage that we see really sensitive personal information introduced into the picture. That’s where the privacy and security concerns come in.

Brancaccio: It’s happened to me before. There was somebody tampering with one of my online accounts, and I think it was Meta[‘s] Facebook asked me to take a picture of myself holding up my driver’s license. That should have made me more nervous at the time?

Vesteinsson: Well, that’s a really good example where you are opting into this face comparison to get something that’s yours. But age verification measures introduced at scale pull an incredible amount of personal data into the online ecosystem. Last fall, Discord disclosed that hackers had breached a vendor doing age verification services. Discord estimates that in this one single breach, around 70,000 people had their government ID cards exposed in the hack, and now presumably transacted by cyber criminals on the internet. We should also anticipate that these companies will be a target for state-backed hackers.

Brancaccio: Because there are good ways and bad ways to do this. There are ways that are more vulnerable, but there are ways — you’re persuaded in this world of hackers, where there’s a decent chance that your data will be safeguarded?

Vesteinsson: There are promising efforts being developed right now to do age verification in a way that’s privacy-preserving, but they’re not ready to go to market. One model that’s gaining steam involves creating third-party digital infrastructure that would check a government-issued identification card and then immediately delete any associated sensitive data. This would be [a] nonprofit third-party tool. That service could then supply a token confirming someone’s age when they request it in order to access a social media platform. But it’s going to take time and money to figure out how to do this in a privacy-preserving way, and as we invest in developing these tools, policymakers should look towards other mechanisms, rather than these sort of blunt-hammer age-verification approaches.

Brancaccio: I’ve been focused on hackers, however we define those. Do you have an additional worry that, depending on which government you’re talking about in some part of the world, that, in fact, governments could get a hold of this private data and misuse it?

Vesteinsson: Yes, age verification laws are ripe for abuse in countries with weak rule of law and widespread government surveillance. Freedom House puts out a report each year that assesses conditions for free expression and privacy online in 72 countries around the world. Our research has found that authorities in many countries deploy censorship and surveillance to target online expression of dissent. In fact, we estimate that 81% of the world’s internet users live in countries where people have been arrested or imprisoned for posting content about political or social issues as of mid-2025.

In environments like these, there is considerable risk in connecting a person’s online activities to a photo of their face or their identification card. Now, most countries have legal procedures in place that empower law enforcement to request user data from private companies in order to investigate crimes. This is standard practice. It’s normal, and it’s necessary, but our research has found that repressive governments routinely abuse standard legal process for data requests in order to target activists or people criticizing government conduct on the internet. And age verification poses an enormous risk to empower authorities to abuse those laws even further.

Market place

PayPal officially disclosed a significant data exposure incident involving its PayPal Working Capital (PPWC) application. In a newly circulating security incident, PayPal confirmed that sensitive customer information was exposed for nearly six months in 2025 due to a software flaw in one of its business financing tools.

The breach affected users of PayPal’s Working Capital loan application, exposing a wide range of personally identifiable information, including highly sensitive data such as Social Security numbers and dates of birth. According to PayPal, the incident originated from a coding error within the PayPal Working Capital (PPWC) loan platform.

The company says the issue persisted from July 1 until mid-December 2025 before being identified and rectified

PayPal data breach exposed sensitive user data for six-month period; what you need to know

PayPal officially disclosed a significant data exposure incident involving its PayPal Working Capital (PPWC) application. In a newly circulating security incident, PayPal confirmed that sensitive customer information was exposed for nearly six months in 2025 due to a software flaw in one of its business financing tools.

The breach affected users of PayPal’s Working Capital loan application, exposing a wide range of personally identifiable information, including highly sensitive data such as Social Security numbers and dates of birth. According to PayPal, the incident originated from a coding error within the PayPal Working Capital (PPWC) loan platform.

What should users do?

It is recommended for users to take following steps:

• Enrolling in credit monitoring services
• Placing fraud alerts or credit freezes if necessary
• Updating passwords across financial accounts
• Being cautious of unsolicited communications

PayPal’s latest disclosure adds to a growing list of high-profile data exposure incidents in the financial sector, underscoring the risks associated with digital financial services in an increasingly digital economy. The incident highlights ongoing challenges in the wake of rising security threats. The prolonged duration of these security challenges-nearly half a year-raises questions among regulators and customers regarding detection capabilities and internal monitoring processes.

By The News Digital