[broken-kebab]

>You can already do that in the real world.

This argument stays on the sand of inadequate analogy. The way that flaw is described in the story it allows industrialization of bypassing the feature. It's huge difference with the "real world".

[phatfish]

The article is actually one of the better ones I've read. The technical analysis is somewhat above my head, but appears reasonable, and it is suggesting solutions in some cases rather than just dismissing the concerns of parents, and going full privacy nut about our democratically elected governments.

All i would say is that the solution doesn't need to be 100% effective. The same as real world "age gates" or ID verification (which is just some random person looking at your ID in most cases) are not.

The precedent set -- that everything online should NOT be immediately accessible to children -- provides parents (the ones that care at least) with some backup when trying to raise their children. Ultimately society as a whole is responsible children, and i don't want to live in a society that thinks it is fine for kids to scroll any content on social media and watch porn as soon as they are able to work out how to use a smartphone.

The replay attack mentioned may always be a loophole, I'm not sure. But any site hosting the replay attacks should be targeted for shutdown/blocking. The "source" ID must come from somewhere as well, so that could be a route to shutting them down (there are 100's of age verification requests against one ID each day, that's a bit weird...).

If parents are helping their kids bypass age gates or straight up don't care their 11 year old is watching porn, then there is not much to be done in that case. The key thing should be keeping the majority of children in compliance to give cover to the parents that do care. Not giving all the power to bad parents and social media companies as is the situation the moment.

[jeroenhd]

And unlike in the real world, there's little to no real benefit to it online.

What value is there to industrializing any of this? Kids who will pay someone for their age tokens to watch porn or create social media would probably be smart enough to download a free VPN instead.

Even in the very worst case scenario for the designers of this system, where large amounts of people manage to extract their tokens and hand them out for free, the downsides everyone fears won't apply anymore. I think a lot of people might be happy about that.

[dwedge]

This "they'll just use a vpn" argument is infuriating to me because it's being used to downplay intrusive laws and make them more palatable. The obvious next step (the UK already hinted at it after the online safety act) is forcing VPNs to do ID verification.

[knollimar]

if anything, the "they'll just use a vpn" is an argument for the other way.

Law has privacy downsides and is trivially bypassable -> law is bad.

[throw-the-towel]

And then, blocking the VPNs that don't comply, Russia style. (If you're sure It Can't Happen Here,[0] you're part of the problem.)

[0] https://en.wikipedia.org/wiki/It_Can%27t_Happen_Here

[broken-kebab]

I'm not sure I understand your last para. Care to elaborate?