this post was submitted on 15 Apr 2026
893 points (98.5% liked)
Technology
83893 readers
2875 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Remember folks, age verification is personal identity verification.
💯 don’t call it age verification - that’s just what the unmasked scooby-doo villain is still hiding behind.
Well they could do it the right way where, for example, you go to your city hall to get a certificate of age where they check your ID. Then some cryptography happens so you only enter a public key from that certificate on a website or OS to verify your age.
The website or OS doesn’t check your ID. City hall doesn’t know your browsing history.
But I’m not fooling myself, that’s not the point of such a law.
no implementation of personal ID for internet access will ever be "correct."
That's not true. It's simple if all you actually want is age verification.
You go in to the government building and show your ID. Seeing you are 18 or older you get to go to another room where they don't check your ID, just give you a token saying the one holding it is over 18. Make the token like a FIDO key where you have a pin you set yourself.
There is an air gap between the validation and the token creation so there is no way to go from token to ID. You make the key use a pin so we consider it to be once usable by one person.
The issue is not about the technology. The issue is that we all know this has nothing to do with kids getting on porn sites.
Now you have trusted the user not to provide the PIN to another, and the implementation is no longer correct. You'd at least need to use biometrics to tie the key to the person.
You are changing the goal. The point of this is to provide THE USER with a solution where they don't have to give away their personal information to the Government or the 3rd Party site. We do not care about situations where users commit crimes as that means our focus is on the Government's needs which they would already have met by just implementing a "Show us your ID" solution.
Now you could make the pin be a biometric so it's physically connected to the user. But part of the solution needs to be that the token is not identifiable with the user. If I pull of my wrist band no one will know it was mine. If you throw out your token someone could go around testing everyone's fingers and find out it was yours.
Without ensuring that the key issued to one person is not used by another, the key does not prove the age of the user, and isn't that the whole point of the key?
no, the point of the key is to access infomatîon without giving away personal information.
Even a photo ID doesn't prove age. It just shows a record of what age the gov thinks someone is. They are still prone to forgery, misuse, etc. There isn't any actual method of showing someone's age so we can skip that part and focus on what the actual need of the user is, accessing a website while not handing over more personal information than is necessary.
What website is going to accept a key that doesn’t prove someone’s age though? We already have buttons that say “I’m over 18”. How this key better than that?
They are going to accept whatever the government says is acceptable. We are already seeing it where IPs from some states get blocked when state law says you need to submit an ID to get access to porn.
I think the issue you're having is that you're still under the impression that the point of this law is to actually restrict minors from accessing sites. It's not. And we know this because of what the politicians are doing and how they are doing it. I've written about this before but I'll give you the short version.
Self reporting Date of Birth doesn't work as people lie so you need something better. But as we have discussed there isn't typically a great option because of the way government and technology works. Anyone in the government who thinks any solution won't have holes is an idiot, so we can ignore those people for right now. The rest of the people pushing this bill must then have malicious intent.
What happens after this bill is implemented and holes are found? The same politicians say "We need to just go full ID instead of Age" and because they already have the bill passed for age it will be a far more simple bill to just bump up what goes into the Operating Systems. Heck it will most likely be snuck in some other unrelated bill and no one will care.
If all they really wanted was for there to be age restrictions they would have left it up to the service providers to find a way to resolve the age issue. This is how we see it implemented with all IRL issues. There isn't a government provided token created for the sole purpose of purchasing beer or guns or hard copy porn. When you go to a liquor store it is up to the seller to do a verification. I've seen people use foreign passports, one guy came into a bar I was working and showed me his birth certificate because he didn't have a drivers license anymore. If someone just looks really old they don't even get carded.
Why would we want the sites to find a solution? Because some solutions are bad, like giving your full ID. If any site asks for that people can say nope and not use those specific services, finding alternatives that ask in ways the individual is comfortable with. You can trust who you want to trust and ignore those you don't. Where as if the government takes the info an keeps a big database and you have no other options you're just SOL.
Would these tokens be unique per website visit? Are they generated by the user or the government?
It can be a shared token. For example a cryptographic hash. There are many solutions for the problem of certifying a token while giving no traceable data.
In most solutions there would be the traceability of knowing "User X went to site Y and site Z" but never knowing who "User X" is. There have been solutions proposed that create site specific hashes where it becomes more difficult if not impossible to track a user across different sites. So it just depends on if this issue needs to be resolved or not.
Personally I would be fine letting every porn site I use know I've been to every other porn site. If you wanted to go somewhere that you don't want them to know, throw out your token and go get a new one.
Exactly. Digital ID verification is in no way comparable to physical ID verification.
incorrect.
Please do explain why you think digital id verification is indeed comparable to physical id verification.
Never say never there is ALWAYS a way to do things right. But our government is too stupid to do it. So it might as well be impossible. Kek
If it’s completely local I’m less worried than online verification.
I’m not uploading any age verification online. I’ll quit the internet first.