[Gigachad]

The long term solution would have to be some kind of integration with a government platform where the platform doesn’t see your ID and the government doesn’t see what you are signing up for.

I don’t this will happen in the US but I can see it in more privacy responding countries.

Apple and Google may also add some kind of “child flag” parents can enable which tells websites and apps this user is a child and all age checks should immediately fail.

[xp84]

I do like the idea of the “this is a child” taint (ok, terrible name but I really think it should be a near-unremovable thing on a platform like Apple’s that’s so locked down/crypto signed etc).

Like, you’d enroll it by adding a DOB and the computer/phone/etc would just intentionally fail all compatible age checks until that date is 18 years in the past. To remove it (e.g. reuse a device for a non-child), an adult would need to show ID in person at Apple.

Government IDs could be used to do completely privacy preserving, basically OpenID Connect but with no identifying property, just an “isEighteenOrMore” property. However, i agree it’ll never happen in the US because “regular” people still don’t know how identity providers can attest without identifying, and thus would never agree to use their government ID to sign into a pornsite. And on top of all that yeah nobody trusts the government, basically in either party, so they’d be convinced the government was secretly keeping a record of which porn sites they use. Which to be fair is not entirely unlikely. Heck, they’d probably even do it by incompetence via logs or something and then have people get blackmailed!

[RupertSalt]

When I played an MMOG, if the admins found out that a child was underage, it was customary for them to suspend their account until their 13th birthday. I thought this was a clever policy, but I just can't understand the reverse of authenticating someone's age based on that of their account...

[rkagerer]

This assumes people are putting in their real birthdays, which IMO is a terrible practice to encourage.

I never put in my real birthday. It's just one more datapoint to leak in an inevitable hack and help scammers exploit me.

Just because a website sticks a field on a form, doesn't mean you need to fill it out.

I can think of maybe 1 website I use that has a legitimate use to know this info about me... and a dozen that use my fictious birthday for no other purpose than an excuse to market at me under the shallow guise of a 'Happy Birthday' email.

[rmunn]

There are many websites that believe I was born on January 1st, in a year close to my actual birth year.

When it's actually required by some law or regulation (e.g. financial stuff) I give my actual birthday. But when some site is just wanting to comply with age verification? Yep, I'm over 30, so you don't need to see my identification. (Jedi hand wave).

[RupertSalt]

Well, they would have the legal right to force-choke your account, or chain your partner to a golden bikini, when they discover that you weren't abiding by the Terms and Conditions which you agreed to. Seems fair.

[rmunn]

Abide by the Terms and Conditions? You must think I'm some sort of good Force user!

"I am altering the deal. Pray I do not alter it any further."

[RupertSalt]

They were not, actually.

IIRC, it went like this: the account creation screen prompted them for a birthdate. They entered a fictitious one and pretended to be over 13. (I saw my niece do this in front of me, and I just sighed a very heavy sigh. She was way more interested in Club Penguin.)

Then later, they let the cat out of the bag. They tell their friends "lol I'm only 10! Today's my birthday, so give me a hat!" or something. And so if they claimed they're 10 they got 3 years suspension.

I think there was never any verification done, and no verification was possible: think about it, under COPPA, a service in the USA cannot collect PII from children under 13, so what do you do when a kid gives you two contradicting datapoints? Err on the side of caution.

I gave Yahoo! a false birthdate when I signed up. I was 27, but I also just felt they weren't entitled to knowing it. However, I soon found that maintaining a fraudulent identity is tiresome and error-prone. And Yahoo! wouldn't let me simply change my birthdate as often as I wanted to.

I once had a conversation with a friend about cheating on IRS taxes. She said "can you lie to a piece of paper?" like fudging numbers wasn't like lying to an auditor's face. It was a rhetorical question, of course.

[FMecha]

Some platforms also now suspend you if they find out you were registering before turning 13 (or minimum age).

[hparadiz]

lol.

twitter did this to an ex (pre musk purchase)

she's about to turn 30.

[fph]

Exactly, that's the problem: with OIDC the ID provider gets to know which sites you visit. That is unavoidable given how the protocol works. And you don't want to give all that information to the government in the first place.

[Aurornis]

> where the platform doesn’t see your ID

ID checks aren't very worthwhile if anyone can use any ID with no consequences.

How long would it take for someone's 18 year old brother to realize they can charge everyone $10 to "verify" everyone's accounts with their ID, because it doesn't matter whose ID is used?

[BobaFloutist]

Ok, at which point an adult has taken responsibility for giving them access.

The older brother could also rent an R (or x) rated movie, buy cigarettes, lighters, dry ice, and give them to the kids. The point of the age check is to prevent kids from getting access without an adult in the loop, not to prevent an adult from providing kids access

[Y-bar]

This is a good point. We could extend it to computing devices: An adult gives a child access to a device, and now the adult is in the loop and takes responsibility. If said adult (parent, most often) want to automatically restrict certain activities/content on the device they can use the parental controls available. No panopticon required.

[imtringued]

You can only keep the adult in the loop if you have a panopticon that traces back to said adult.

[Gigachad]

The system doesn’t have to be bulletproof. It just has to be better than the free for all it is today.

[notpushkin]

Better?..

[Dylan16807]

Yes, there are good use cases for an anonymous age gate. So making one would be better than today's situation.

[Barrin92]

this is already how the EU infrastructure for digital ID works, basically. Using public/private keys on your national id, the government functions as a root authority that you (and other trusted verifiers downstream) can identify you with and commercial platforms only get a yes/no when you want to identify yourself but have no access to any data.

South Korea also has had various versions of this even going back to ~2004 I think.

[vintermann]

Yes, it has been possible for a long time to provide anonymous attestations. But somehow, they also always seem to require that you have something like Google play services running for you to ask for the attestation in the first place. And with PKI, even though they could do with just the public key, they somehow also always insist on generating the keys for you (so they have the private key as well).

[Semaphor]

Do all EU countries have that? I know our (German) ID works that way, using the FOSS AusweisApp, but I hadn’t heard of it being EU-wide (it should be, though).

[fcatalan]

Spanish ID cards have had an X. 509 cert inside them for more than 10 years, I use it all the time to sign documents and access government sites. There is already legislation and a push for an EU-wide digital identity wallet that should be up and running this year, look up eidas 2.0 and the EUDI wallet.

That looks like it should make things like privacy compatible age verification "trivial".

[Semaphor]

Thanks, that looks very cool, and apparently close to coming into effect.

[trinix912]

It's been a slow rollout but yes, it's an EU wide thing. Slovenian IDs issued after around 2022 have them too.

[int_19h]

It's nice that the platforms don't get access to data, but does the government gets information about who is trying to access what?

[shevy-java]

I see this currently being pushed by some politicians in the EU. And I have a slight suspicion that some of these politicians are literally lobbyists.

The "oh my god, think of the children" is similar to "oh my god, think of the terrorists". I am not saying all of this is propaganda 1:1 or a lie, but a lot of it is and it is used as a rhetoric tool of influence by many politicians. Both seems to connect to many people who do not really think about who influences them.