because there is no way to verify someone's age without removing their privacy protections. No matter what politicians seem to believe it's just not possible.
I've always taught my children never to use their real names online. Precisely to avoid creeps. Mandatory age verification means mandatory identification.
I'm not sure if you work in software or not, but it's definitely possible to come up with a schema where you could verify people's age in order to use a platform, without exposing your entire identity to said platform, with a combination of signatures and other cryptographic basics.
Say you have a digital certificate from the government or similar that you use to do your taxes online or whatever, the government could have endpoints where you could use that certificate for signing a proof, that you then hand over to the platform you want to verify your age with. The platform can then confirm it's valid, and that $AGE>X, but they get no other details.
You can even go a bit fancier/more complicated, and the government endpoints wouldn't know what platform you're trying to verify.
At a certain point you need to identify yourself somewhere. If I need to identify myself using a governmental certificate, that still means there's a database somewhere (which can be leaked/abused) coupling my cert to me personally.
I work in software (for way too long, since the 90s) and as far as i can tell any system which can prove your age is at best pseudonymous and needs 3d parties to verify.
Sure, you could create a scheme where only a 'trusted' 3d party has the link between you and your cert. But these days 'trusted' and government is not really a given, sadly. See trump.
This is even more Draconian because it demands that citizens rely on manufacturers. After all the government itself doesn't make phones or hardware crypto modules.
You don't, it's up to citizens to make sure whatever authentication they use can only be used by them, just like how it works for other services today where you authenticate online somehow and the government service assumes you're you since you were able to authenticate.
On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.
But as long as the platform who need to validate that you're an adult don't get your identity, but just the proof, I don't see what the problem is?
> What is the incentive for the citizen to make sure their authentication isn't shared?
What incentives do people today have for keeping their identifications to themselves? Why aren't we all sharing CC numbers? Because we realize some data is "personal" and isn't to be used by others, like our username+passwords or whatever. This isn't exactly a new concept, just look at how it works for anything else that is tied to you.
> On the government endpoint, which returns X that the platform uses as "evidence" for you being an adult, yes, that's tied to your identity, as the certificate/whatever is tied to your identity.
In this scenario the government knows all the age-restricted sites I've visited. I'd argue that is worse than if all the age-restricted sites I've visited know who I am...
(FTR I don't know what I think about age restrictions in general, but I'm pretty sure there's no implementation that comes without negative side effects)
Not necessarily. The age verification proof doesn't need to be site-specific. But again, that reduces the incentive "for the citizen to make sure their authentication isn't shared" because there's nothing tying it to them.
I also kinda hate the whole idea of needing explicit permission from the government to access the open web, regardless of whether or not they know which specific sites they're giving me permission to access.
There's actually a much better idea that's been floating around. Require over-18 sites to set a certain header. Then anyone who wants to can install a browser on their kid's device that will block pages with the header. There's no privacy implications, no surveillance implications, no need to make VPNs illegal as long as they pass it through; it's just a plain old parental block with a regulation keeping it always up to date. Yes, you may have to stop your kid installing random software on the device to bypass whatever blocking you set up, but you had to do that anyway. If it's Apple or Google they could easily enough require everything in the app store to respect the flag when the device is set to kid mode.
(If the government does the incredibly overbearing thing and does not do the simple and effective and unintrusive thing, it proves their motivations are surveillance)
Already exists; the industry called it RTA (Restricted To Adults). Nobody used it... and it's 19 years old. Complete failure categorized under "we already tried that."
I don't think that it matters. The big porn sites have served RTA tags for many years. Android, Windows, macOS, and iOS can all be configured to block adult content tagged with this system. That still hasn't stopped a bunch of states from passing age verification laws ostensibly targeted at protecting children from these sites.
In order to accomplish that working, you'd have to legally mandate parents put the blockers on their kids devices.
Similar things exist that block based upon lists and content keywords and such.
Most parents do not want to block stuff from their kids or they would be.
If thousands of them demanded that devices came with blockers then the market would provide such devices.
Many moons ago you could argue parents did not know what the youngins would find on the internet. Today's parents definitely know, and most do nothing to restrict access.
It doesn't have to be mandated - parents could choose.
Even if it's mandated that kids can only use phones with a special "kid mode" turned on, even if you had to present ID to turn it on or off or buy a phone with it turned off, that would still be way less bad than what's being rammed through parliaments right now.
> What incentives do people today have for keeping their identifications to themselves?
Not being liable for loans they didn't take out themselves, being the recipient of government benefits they are owed, etc. I'm sure you have heard of identity theft before, but it sounds like you haven't heard of why it's a bad thing. It's not just a privacy thing.
If you share your CC number, someone could steal your money. If you share your anonymous age verification token... someone could pretend to be 18? And by design that token is anonymous and there's no way to prove you were the one they got it from? Doesn't seem like much of a disincentive.
Most age verification services use either government providers or 3rd party providers. I show my passport (or whatever) to the third-party. They relay to the site "this user is / isn't over 18". They don't send the DoB, address, photo etc.
So the online service only receives a binary yes/no and nothing else. I don't lose any privacy there.
The third-party knows that you wanted to be verified on service xyz, but not what you do there. Depending on the service I'm using, I may or may not care that they know.
Handing over a passport / licence to get into a bar leaks more information than that.
By sending your gov ID(s) to a third party? You do! They will leak (or leak and then sell) your ID with your name to those who wants to buy it. With services you've ever authorized with them, and probably the list of services you visit with timestamps. As it's NOT the one-time token, I'm pretty sure it has to be renewed from time to time (12h expiration? 1h? Who knows).
This is a system designed for tracking and control.
You've just leaked your identity to the third party!
These third parties tend to be US based, as well. That always raises privacy questions due to "Safe Harbor". It was completely stupid of the government not to even provide a UK age verification service before putting this in place.
"Do it intentionally" is a funny way to spell "I'm forcing you to do it by law and if you don't you won't be allowed to communicate with other humans in a digital form or access digital content".
And even then it's still a leak when the provider inevitably gets hacked and all your data is out there and you have no legal recourse to get reasonable compensation for it.
But if you allow that, the third-party has your id and a list of ALL adult sites you visit. If that leaks it's even worse than a single site leaking your id.
So if it's really like that then what stops me charging people $5 to verify their account for them? Would I get in trouble for doing that? If so, that just proves it wasn't anonymous and people were right to get me to verify for them.
Unsurprisingly, the regulations require that providers take adequate steps to verify identities.
In the UK, that usually means being certified by https://accscheme.com/registry/ or similar. Just saying "I asked some random provider to verify" isn't going to cut it.
Incidentally, $5 is around 10x more expensive than most providers.
Where would their definition of 'verify' be documented?
In the US, the recent federal bill aimed at age verification is more of an 'honor system', where just a yes/no box would suffice. Their position seems to be that it's not the government's job to try to prove you're not lying.
Japan does the same thing when you buy beer or cigarettes, you just tap "I'm at least 20" on the screen and off you go.
I don't know if you've been to a bar recently. Lots of them stick IDs in a scanner. I handed over my passport to a hotel recently, they took it away and photocopied it.
I'd rather trust an organisation which stakes its business on being secure than handing over my ID to anyone.
I have never been 'carded' in a bar in my life. Maybe that's a US thing. Bars here are required to make sure you're old enough but if it's obvious they don't have to card anyone.
The penalties of serving alcohol to under aged are high, potentially losing your license to sell alcohol. Regulators perform random checks with plants to verify proper protocols are followed.
That's not correct. With a government issued signed digital ID cryptographically bound to a hardware security module you can use a zero-knowledge proof based protocol to prove to any third party site that (1) you have a signed government ID, (2) you have the hardware security module that it was bound to when the government issued it to you, and (3) the date of birth field on that ID says you are older than the site's age threshold.
This reveals no other information to the site.
The EU is on track to deploy such a system by the end of 2026. They are currently doing field testing involving thousands of users.
But it still doesn't prove that the person creating the proof is the person who was assigned the government ID, right? What's to stop someone from using their ID to power a bunch of bots?
And AFAIK unless the company has a database/API for all the existing IDs in the world, I would think it doesn't stop forged IDs from existing.
And even then, corrupt employees could still issue forged IDs... there's no guarantee that a single ID equals a single person forever.
So what is the problem? I don’t want my kids sharing real names online. I wouldn’t want them verifying their age with Bluesky either. But that’s fine because I also don’t want them getting porn or DMs on bluesky.
This is win win for kids. It’s not a win for adults who now have to expose their identity.
Imo it's not a win for kids either. Lot's of kid-related websites that want age verification and I'd much prefer my kids to be anonymous online, especially in the context of large software companies.
These schemes are one implementation error away from exposing/tracking peoples identities (even more than they are already tracked).
IMHO kids watching porn is firmly in the domain of parenting, and not a governmental task.
> IMHO kids watching porn is firmly in the domain of parenting, and not a governmental task.
Do you actually believe this? The logical implication of this stance is that stores should be able to legally sell pornography to children.
Fact is that most people are generally very happy to have the government play the part of protector for children. The government in the US stops children from buying tobacco products, marijuana, alcohol, pornography, and many other things deemed dangerous to kids and for the most part people have no problem with that.
When it gets to the internet people suddenly have a problem because age verification is generally synonymous with tracking. And I agree tracking is a huge concern. But let’s not pretend that the government stepping in to protect children is actually an unreasonable thing.
> So what is the problem? [...] It’s not a win for adults
But isn't that exactly the problem? What are you confused about? You think there's no issue with violating the privacy of all adults as long as children are unaffected?
> I've always taught my children never to use their real names online. Precisely to avoid creeps. Mandatory age verification means mandatory identification.
“Adults shouldn’t have to reveal their identities” is a totally legitimate concern. It’s also very different from the child scenario in this case because the entire point of revealing the identity is to gain access to features a child should not have access to.
Being an adult is the ability to be responsible for your actions. Arguing for the ability to disclaim any responsibility or risk of responsibility, at the expense of children's safety, is peak child behavior.
This view also makes a mockery of free speech, which was originally intended to allow mature adults to take responsibility and ownership of their actions and beliefs, not run away from them. The idea of running away from your actions and beliefs, in the name of freedom, inverts the entire philosophical foundation.
I have no problem with personal responsibility, I do have a problem with mass government surveillance. (Or depending on implementation, merely government control of private communications. Either way it's not a good thing.)
"You must give the government more control of your life or you hate children." is a bad argument.
You're conflating identification with surveillance; which are completely separate issues. Every bar that cards you isn't surveilling you. Every bank that KYCs you isn't obligated to track every purchase; if they do, the reaction is not to ban KYC, but ban the surveillance. Every library card you use to check out, is not obligated to sell your data; if they do, the reaction is to ban data sales, not library cards.
The cypherpunk ideology has convinced you that any form of identity verification equals totalitarian control, which is precisely the absolutist thinking that prevents reasonable child safety measures, and got us here. There's a massive middle ground between 'anonymous free-for-all' and 'government surveillance state' that you're pretending doesn't exist.
You might say that's a slippery slope. However, government at all is a slippery slope, a senator can literally propose anything at any time, and a Supreme Court ruling can practically do whatever it wants. And yet, every attempt at living without a government, has always been worse. The internet right now is like living in an anarchic society with moderators and tech companies as warlords. The warlords don't see a problem with this, but the majority of people underneath know full well there's a government already.
The cypherpunk ideology doesn't keep government out of tech. It just creates worse governments with less accountability and more power.
All this word salad and smooth talk about the "middle ground" just worries me even more. We have been living in such an unusual period of peace, prosperity and freedom that the pampered, wealthy segment of the Western people is considering children seeing porn as a some sort of catastrophe, warranting extreme countermeasures. However, meanwhile in the actual reality, people are still being killed on the basis of sexual orientation.
I would support reasonable measures to block children from accessing pornographic content, but making people upload government IDs or biometric data does not belong to the realm of what is reasonable.
Em. Thomas Paine, James Madison, Alexander Hamilton, John Jay, Benjamin Franklin, John Marshall, John Locke, Immanuel Kant, David Hume, Baruch Spinoza, René Descartes and many, many more wrote anonymously.
Some wrote anonymously because they wanted the words to speak for themselves, such as Madison, Hamilton and Jay writing the Federalist Papers.
Some did it because they thought their name might detract from the message - such as Franklin's writings when he was a teenager.
And some others did it to avoid consequences for their opinion - such as when Thomas Paine penned the case for American independence - literally treason. Even Paine's publisher, Benjamin Rush, remained anonymous!
The idea that free speech without responsibility wasn't a consideration seems contradicted by how utterly pervasive it was by classical liberal philosophers and founding fathers and how influential those writings were to the founding of the country and the creation and passage of the first amendment.
Your reply has been generated! In order to receive your reply, please complete a routine Age Verification check. To verify, simply post a copy of your government-issued ID into the comment box.
FAQs:
Q: Why should I give some stranger on the internet a copy of my government ID?
