by tardedmeme 44 days ago
What rate limit would you recommend?

My cellphone provider will be pleased to be paid to deliver all those 2FA text messages. Who's sending them? How are they getting paid? Maybe I'm actually my own phone company, so I get paid for delivering them to myself.


> Who's sending them?

Your bank, like they have 2FA for every other access to your account. 2FA also doesn't need to be via SMS, and even when it is, that's dirt cheap. Rate limits can be a couple of approvals per hour with daily limits of a small handful. Or a leaky-bucket style algorithm where you can do a few at a time, but you only get one more per hour. Whatever way it's done, it precludes your large-scale automation attempt.

I tire of this now. We've entirely wandered off from "Here's a way to prove age without the privacy implications, that works just as well as handing over scans of ID".

So if you have an actual point, please make it.

So the government would stop you from accessing more than two porn sites per hour and five porn sites per day?

Your bank would likely have a limit on the number of approvals it would issue over time, to stop automated exploits, sure. In theory you only need these approvals once per site on signup.

So my bank would stop me from signing up for more than five porn sites per day?

Maybe? Is that insanely unreasonable?

We are pre-supposing for the sake of this thread that proving you are over 18 is desirable, but that giving your ID to unknown third parties is not.

That being the case, having a rate-limit on site approvals would appear to be a relatively reasonable tradeoff to stop the system being exploited for gain by third parties like the commenter upthread.

If you don't want any of that in the first place, cool, but I'm not making an argument for it here, just saying that a system that meets these two requirements is possible.
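
The per-account limit discussed in this thread (a small burst, one more approval per hour, and a daily cap), sketched as an added example that is not from any commenter or any real bank's system. It is written as a token bucket, the usual way to get "a few at a time, then one more per hour"; the class name, the burst of 3, the cap of 5 and the account ids are assumptions chosen for illustration.

```python
from dataclasses import dataclass

HOUR = 3600.0
DAY = 24 * HOUR


@dataclass
class _Account:
    tokens: float        # approvals available right now
    last_seen: float     # time of the last refill calculation
    day_start: float     # start of the current daily window
    issued_today: int = 0


class ApprovalLimiter:
    """Per-account limiter: burst, slow refill, and a hard daily cap."""

    def __init__(self, burst=3, refill_s=HOUR, daily_cap=5):
        self.burst, self.refill_s, self.daily_cap = burst, refill_s, daily_cap
        self._accounts = {}

    def allow(self, account_id, now):
        """Return True and consume one approval if the account is within limits."""
        acct = self._accounts.get(account_id)
        if acct is None:
            acct = self._accounts[account_id] = _Account(float(self.burst), now, now)
        # Refill one token per refill_s elapsed, never above the burst size.
        # A clock that steps backwards earns nothing.
        elapsed = max(0.0, now - acct.last_seen)
        acct.tokens = min(float(self.burst), acct.tokens + elapsed / self.refill_s)
        acct.last_seen = max(acct.last_seen, now)
        # Daily window restarts 24h after it opened.
        if now - acct.day_start >= DAY:
            acct.day_start, acct.issued_today = now, 0
        # Denied requests consume nothing, so retrying does not help or hurt.
        if acct.issued_today >= self.daily_cap or acct.tokens < 1.0:
            return False
        acct.tokens -= 1.0
        acct.issued_today += 1
        return True


def simulate(times, account_id="acct-constructed", **limits):
    """Replay constructed request times (seconds) for one account."""
    limiter = ApprovalLimiter(**limits)
    return [limiter.allow(account_id, t) for t in times]
```

State is kept per account, so the cap bounds how many approvals any one account can produce regardless of how fast requests arrive.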