[Havoc]

It’s the checking part that’s the bigger issue to me. Speaks to some weapons grade incompetence at highest levels of government

Sending passport scans to random sleezy websites that are likely not even under British jurisdiction is beyond insane

[dcow]

That’s the whole point of digital id. You won’t be sending a passport scan you’ll be sending a verifiable blob of data that says you’re over 18. Is it incompetent to ask for ID to purchase alcohol? Because that’s all this is, but more privacy respecting…

[Palmik]

As far as I know, there isn't a serious implementation of this that is ready for production and that has enough adoption in the affected regions (e.g. UK).

Chrome and Safari are working on browser APIs that seem reasonable, but will only be available around the end of this year. The various region specific identity providers (like GOV.UK One Login) will also need to integrate with those (possibly through Google/Apple Wallet or their own app).

That means one has to use shady 3p age verification services (like Persona) which do who-knows-what with customer data and cost on the order of $1 per verification.

[nemomarx]

Do they have that implementation? When I looked into it I thought you had to send your passport scan to a vendor of some kind?

[dcow]

Yes. That “send your passport in” type of id verification is complete BS and everyone knows that. That’s why there is so much work going into modern cryptographic digital identity standards. You should be able to say “I have it on good authority that I’m over 18” and the other party simply computes the hash of that statement and checks that it matches one of the hashed claims in your digital credential.

https://www.ietf.org/archive/id/draft-ietf-oauth-selective-d...

https://csrc.nist.gov/csrc/media/presentations/2024/wpec2024...

[nemomarx]

No I get that people are working on it, I mean does the UK have an implementation of it for the online safety act that just went into effect?

The only things I've seen are friends having to submit a photo of their ID to discord to keep using it, etc. The GP was talking about the British version of this specifically right

[dcow]

The NIST link talks about the EU version of this. IDK specifically if the British govt has their head up their ass or not and I’m sorry if they do. The EU and industry standards all support selective disclosure today (there are at least mature standards drafts) and people are working on incorporating ZPKs. The thing Discord does is how you have to solve this problem if you don’t have digital ID. And unfortunately it will exist for quite a time to fill the gaps until digital ID fully proliferates.

[RansomStark]

simple answer no. OFCOM the regulator responsible for ensuring compliance has a nice guide on how you can prove you should be allow to see such filth: """ And how will I prove my age?

There’s a number of methods a site or app might use to ask you to confirm your age. They might do this check themselves or use another company to do the check. These methods include:

- Facial age estimation – you show your face via photo or video, and technology analyses it to estimate your age.

- Open banking – you give permission for the age-check service to securely access information from your bank about whether you are over 18. The age-check service then confirms this with the site or app.

- Digital identity services – these include digital identity wallets, which can securely store and share information which proves your age in a digital format.

- Credit card age checks – you provide your credit card details and a payment processor checks if the card is valid. As you must be over 18 to obtain a credit card this shows you are over 18.

- Email-based age estimation – you provide your email address, and technology analyses other online services where it has been used – such as banking or utility providers - to estimate your age.

- Mobile network operator age checks – you give your permission for an age-check service to confirm whether or not your mobile phone number has age filters applied to it. If there are no restrictions, this confirms you are over 18.

- Photo-ID matching – this is similar to a check when you show a document. For example, you upload an image of a document that shows your face and age, and an image of yourself at the same time – these are compared to confirm if the document is yours. """

https://www.ofcom.org.uk/online-safety/protecting-children/a...

[RansomStark]

I think that is the point... Like most things UK government related, this is about what is best for us, and what is best for us, is no porn, and no privacy.

Handing over details to sleazy websites is never going to happen. Everyone is going to use a VPN. That's the point. Next year, maybe the year after the government will concede that age verification didn't work and more needs to be done. Then they come for your VPN.

The BBC, always the mouthpiece of the UK government is already laying the groundwork [0].

I know how tinfoil hat this sounds, but at this point, its not a conspiracy, its just how the government that created and sold nudge units [1] operates. It's decades of thinking "they won't do that" then watching them do it.

[0] https://www.bbc.com/news/articles/c1k81lj8nvpo

[1] https://en.wikipedia.org/wiki/Behavioural_Insights_Team

edit: spelling

[worldofmatthew]

I am planning a blog post soon on this topic and all the ways a "VPN Block" can be bypassed and how even trying could cause internet bills to skyrocket.