[Kim_Bruning]

Ok, let's assume for today that age gating is the thing to to.

Requiring ID is not entirely the right approach here I think. You're forcing people to reveal PII for limited gain, and building systems you can't knock down later.

The EU is working on a zero knowledge proof system for exactly this purpose, but it doesn't quite seem to be ready for prime time yet.

https://ageverification.dev/Technical%20Specification/annexe...

[StopDisinfo910]

The restricting law is mostly concerned with the age gating, not the how.

You can expect another law or directive to explain how it has to be done. In the EU, GDPR does apply so you can be sure that poorly storing ID copies for this purpose will not fly.

But, I think it's clearly what ID is for and a legitimate use case for electronic ID. ID is the tool the state uses to give you a way to prove you are who you pretend to be.

I think there's something a bit funny in worrying about giving a copy of your IDs to companies who already know everything about you from your full social graph to your political leanings and interests.

[lbeltrame]

> I think there's something a bit funny in worrying about giving a copy of your IDs to companies who already know everything about you from your full social graph to your political leanings and interests.

I believe it's because the governments (which are far more powerful than any "corporation", because they have the de facto monopoly of violence: Microsoft can sue you, but the government can just jail you) can then pressure said companies if there's something that is not liked, with all consequences that come from there.

There's no need to bring conspiracy theories in, FTR. The power of the government must be always limited and bound by strong chains, and this goes in the opposite direction.

[StopDisinfo910]

> I believe it's because the governments (which are far more powerful than any "corporation", because they have the de facto monopoly of violence: Microsoft can sue you, but the government can just jail you) can then pressure said companies if there's something that is not liked, with all consequences that come from there.

But the idea that giving your ID changes anything is a fiction. These platforms already require you to provide your phone numbers or an email. They have your location. They already know who you are and they can already be pressured by the government for all that. They don't even need to be pressured actually. They willfully share a ton of information as has been shown time and time again. The ID that you can somehow get plausible deniability regarding the association between your social media profile and identity is a complete myth.

> There's no need to bring conspiracy theories in, FTR. The power of the government must be always limited and bound by strong chains, and this goes in the opposite direction.

I don't think a theorical, overblown and mostly fictitious increase in risks trumps the very real need to limit the armful impact of these actors. It makes for ok-ish lobbying but that's pretty much it.

[lbeltrame]

> But the idea that giving your ID changes anything is a fiction

I'd say it's an expansion of the "attack surface". Not to mention: what happens with those IDs after the fact?

> I don't think a theorical, overblown and mostly fictitious increase in risks

It already happened in my country (an European country) during the pandemic (and not in the first days). So it's not fictitious.

[iamnothere]

Ok “StopDisinfo910”, thanks for your independent and impartial perspective on this.

[aaplok]

> Requiring ID is not entirely the right approach here I think

It is in the sense that it entices the industry to come up with a better approach.

Otherwise they'll just sit on their piles of gold saying that it can't be done, as they have been doing for far too long.

[pjc50]

This approach is just fine for the industry: delegate the problem to the lowest, shadiest bidder. After all, privacy breaches aren't their problem. If governments want an ID system they should provide one.

[aaplok]

And maybe they will.

We have gone from the industry clamouring that what's being done now is not possible and spending millions of lobbying money against it, to such laws spreading like wildfire.

The next step is the (inevitable) mess up because implementations won't be foolproof, followed by yet more millions of lobbying money being spent to amplify the effect of these mess ups.

Eventually we will come to a new normal. It will take time. But the hope is that the cat is out of the bag and we don't come back to a model that we know hurts children and pretend it's just how it is.