[CaptainOfCoit]

On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.

But as long as the platform who need to validate that you're an adult don't get your identity, but just the proof, I don't see what the problem is?

> What is the incentive for the citizen to make sure their authentication isn't shared?

What incentives do people today have for keeping their identifications to themselves? Why aren't we all sharing CC numbers? Because we realize some data is "personal" and isn't to be used by others, like our username+passwords or whatever. This isn't exactly a new concept, just look at how it works for anything else that is tied to you.

[mrmanner]

> On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.

In this scenario the government knows all the age-restricted sites I've visited. I'd argue that is worse than if all the age-restricted sites I've visited know who I am...

(FTR I don't know what I think about age restrictions in general, but I'm pretty sure there's no implementation that comes without negative side effects)

[Ajedi32]

Not necessarily. The age verification proof doesn't need to be site-specific. But again, that reduces the incentive "for the citizen to make sure their authentication isn't shared" because there's nothing tying it to them.

I also kinda hate the whole idea of needing explicit permission from the government to access the open web, regardless of whether or not they know which specific sites they're giving me permission to access.

[immibis]

There's actually a much better idea that's been floating around. Require over-18 sites to set a certain header. Then anyone who wants to can install a browser on their kid's device that will block pages with the header. There's no privacy implications, no surveillance implications, no need to make VPNs illegal as long as they pass it through; it's just a plain old parental block with a regulation keeping it always up to date. Yes, you may have to stop your kid installing random software on the device to bypass whatever blocking you set up, but you had to do that anyway. If it's Apple or Google they could easily enough require everything in the app store to respect the flag when the device is set to kid mode.

(If the government does the incredibly overbearing thing and does not do the simple and effective and unintrusive thing, it proves their motivations are surveillance)

[gjsman-1000]

Already exists; the industry called it RTA (Restricted To Adults). Nobody used it... and it's 19 years old. Complete failure categorized under "we already tried that."

https://www.rtalabel.org

You can use it too, just put this in as a meta tag:

<meta name="RATING" content="RTA-5042-1996-1400-1577-RTA" />

Or send the following header:

Rating: RTA-5042-1996-1400-1577-RTA

[Ajedi32]

Was it legally mandated? I think that's the main idea GP is proposing. Obviously without any incentive to actually implement it there's no point.

[philipkglass]

I don't think that it matters. The big porn sites have served RTA tags for many years. Android, Windows, macOS, and iOS can all be configured to block adult content tagged with this system. That still hasn't stopped a bunch of states from passing age verification laws ostensibly targeted at protecting children from these sites.

[stevenicr]

In order to accomplish that working, you'd have to legally mandate parents put the blockers on their kids devices.

Similar things exist that block based upon lists and content keywords and such.

Most parents do not want to block stuff from their kids or they would be.

If thousands of them demanded that devices came with blockers then the market would provide such devices.

Many moons ago you could argue parents did not know what the youngins would find on the internet. Today's parents definitely know, and most do nothing to restrict access.

[namibj]

Germany let's the ID cards themselves mint such proofs in a way similar to how Intel's attestation doesn't leak the CPU's serial number.

[wasabi991011]

> What incentives do people today have for keeping their identifications to themselves?

Not being liable for loans they didn't take out themselves, being the recipient of government benefits they are owed, etc. I'm sure you have heard of identity theft before, but it sounds like you haven't heard of why it's a bad thing. It's not just a privacy thing.

[Ajedi32]

If you share your CC number, someone could steal your money. If you share your anonymous age verification token... someone could pretend to be 18? And by design that token is anonymous and there's no way to prove you were the one they got it from? Doesn't seem like much of a disincentive.