[choo-t]

> The age verification bills I've read have steep penalties for retaining information, so that seems fine since that's literally more protection than you get in person.

The best way (and only way) to prevent retaining information is to not share them in the first place.

> You can be in favor of privacy while simultaneously thinking porn, gambling, and advertisers shouldn't be targeting children.

There are other method to achieve this without mandatory identification. You can force these content to be served with an HTTP header providing their legal minimum age of consultation or type of content, and blocking them browser side. Governments could maintain filter lists for different age bracket and release them to everyone, allowing easy compliance on the device parental control settings.

[ndriscoll]

Headers could maybe work in a world where the technology were ubiquitous and people knew how to set it up (c.f. v-chip's failures), and kids couldn't just buy their own device for $20 and use it on the actually ubiquitous free pubic wi-fi to avoid any restrictions.

And actually I think it's a better world where kids can obtain e.g. a raspberry pi that they completely control no questions asked and free public wi-fi exists all over, and the onus is on service providers to not deal with children if they're not supposed to. Basically, a high trust society.

In any case, "don't retain records" is actually a pretty easy task. Trivial, actually (use a device with no disk to handle PII, an API that just returns yes/no to the rest of the system, and heavily restrict the firewall, e.g. no outbound connections). Or you buy a token/gift card in person with ID check. If you think the penalties aren't steep enough to get compliance, just raise them (e.g. business ending fines plus jail time).