Child Safety on Social Media: Out of 86 Tested Tools, Only 35 Work

Among 86 safety features for minors distributed across Instagram, Snapchat, TikTok, and YouTube, only 35, slightly over 40%, truly function as the companies claim and remain reachable by a child during normal use. This is the central finding of the report published on June 29 by the Cybersafety Research Center, a joint initiative of NYU and Northeastern University, conducted in collaboration with the Heat Initiative.

To pass the test, each tool had to meet two conditions simultaneously: work as promised and be visible and accessible to underage users. Researchers, led by Laura Edelson, an assistant professor of computer science at Northeastern, created fake accounts for minors of various ages and adults aged 25 and over, testing each feature in three scenarios: the boy's normal use, his attempt to bypass protections, and a malicious adult trying to circumvent restrictions on a separate teen account.

Edelson and her team categorized the failures into three categories: buried features, difficult to find in the menus; broken, existing but non-functional or easily bypassed; and missing, nine tools that could not be activated even by following the stated instructions. Twelve were found to be both broken and buried.

Failure rates vary significantly by platform: Snapchat 73%, Instagram 66% (where 29 features, the highest number, were examined), YouTube 55%, and TikTok 50%. The situation worsens when looking at specific areas: all conduct tools designed to prevent or detect cyberbullying failed on all four platforms, and only one in three mechanisms against compulsive use, such as time limits and break reminders, held up.

Unwanted Contacts and Sensitive Content

On Snapchat, an adult account was able to search for, find, and message a minor account without any restrictions; the boy received the friend request and, after accepting it, saw the adult's message history without any warning. On TikTok, instead of blocking content related to eating disorders and self-harm, the search engine began suggesting them to a teen account, offering terms like "how to pretend to eat your food" and "razor blade skin" from pro-anorexia communities. On Instagram, while a minor account typed "eating disorder", the app automatically suggested variants with deliberate spelling errors that bypass filters; the same bypass worked on Snapchat.

Even Instagram's protections that exist on paper show flaws. The prompt to rethink, which asks users to reconsider before posting an offensive comment, did not activate when a teen account used openly bullying language towards another teen. And the protection that prevents adults from initiating conversations with unapproved minors remains, according to researchers, compromised: a boy can message an adult he doesn’t follow first, and the latter can respond without restrictions or warnings.

The Platforms' Response

The companies contest the framework of the report. Meta described the report as "fundamentally flawed", accusing the authors of misunderstanding how the tools work or failing to provide evidence, and explained that the messaging initiated by the minor indicates a desire to connect, thus the feature would behave as expected; regarding the missed prompt, they argue that it is not designed to activate when both accounts follow each other.

Snap talks about issues based on "intentional actions to circumvent protections, not representative of typical use", while YouTube and TikTok claimed the effectiveness of their tools. It should be noted that the New York Times independently replicated the findings, receiving the same responses from the companies, and that researchers had reported Instagram and Snapchat's most serious messaging vulnerabilities before publication.

The report manages to judge some choices effective: on TikTok, under-13s are directed to a viewing-only experience, without search or messaging, and the app prevents re-signup with a false age on the same device; on Instagram, minor accounts are created private. The study, which focused on features directly accessible to children and not parental controls, concludes with a recommendation: make safety the default mode and, for younger users, remove risky services instead of building barriers around them that, in practice, are circumvented.