Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
The government already knows all our ages, right? They issue our IDs after all. Have the government provide a "yes, this person is over 18" service. There are ways of providing signed files/tokens which don't contain personal information.
If the government wants to write a law, then I think it's reasonable they're also responsible to help with a solution.
In order to provide a "yes, this person is over 18" service for a vendor, the vendor has to know which real name (or other personally identifiable piece of information) to look up, don't they?
So if you have to provide the vendor with a real name, phone number, ID card number or selfie that identifies the account "draco_aeneus@mander.xyz" with "John Doe/555-4556/X1234567" that eliminates your anonymity, they've accomplished surveillance over your personal opinions and whatever other content you share. The real problem isn't age verification, the problem is they're trying to eliminate anonymity.
The vendor/site does not need to know a name.
The idea is that people already trust the government with their identifying info. So what the government can do is issue, for example, an opaque "age ID" that is only to be used with an "over 18?" service hosted by the government. Then anyone visiting a website with age-restrictions would provide their age ID, which tells the site nothing about the user. The site checks the "over 18?" service. At no point do arbitrary websites need to collect identifying info.
Now obviously as I've described it, there are multiple problems:
One solution is to make the age ID into a "one time password" (OTP). Much like an authenticator app, you could have an app provided by the government which generates a new random OTP on request, and it would expire in a minute or so. Then users provide that instead of a constant age ID. Like before, the site checks the "over 18?" service using the OTP.
It's still not perfect, but you'll never solve the "adult buying beer for kids" trick without counterproductive measures. There are probably some additional tricks to make it better, but I don't want to get too far into it.
EDIT: One more point. Having this "over 18?" service is itself a privacy risk, because it relies heavily on your trust in the government not to conspire with the sites you are visiting or to just log info about all of the age-restricted sites you visit. There are apparently solutions to this problem involving zero-knowledge proofs, but I don't know quite enough to explain that entirely here.
EDIT2: I got curious and did a little more reading. The zero-knowledge proof idea kinda fails to prevent credential sharing, unless you rely on some kind of hardware cryptographic vault thing. I'm not sure if that ends up being strictly better than the service idea.
Another way you might prevent the govt from logging all of the age-restricted sites you visit is to put the service behind something like Tor to make the requesting site anonymous. But this still doesn't prevent the govt from just knowing that you visited some age-restricted site at a specific time. Still not ideal.
As far as I know the german e-passport function does provide good way already. You basically use your passport to make a corresponding app only send the information "over 'certain age' or under", technically no information needs to go to the government of when and where you try to vefify your age since it can all be done locally with your passport. The app is also open source if i recall correctly. It would definitely be a better option than any third party age verification but its not really used at all.
But i am not too familar with the actual working procedure of this function so it may not be entirely accurate.
The OTP solution seems like a really good idea actually
If something like this could work, that would be the best solution in my opinion