> government passes law that requires companies to age verify users
> said government provides no way to actually verify a human's age
> hilarity ensuesIn the old days the put the porno mags on the top shelf so kids couldn't read them. That was hackable too but it didn't matter much.
If I've understood it correctly, Pornhub can't see anything except that you've turned 18 (no names, no date of births, nothing) and your local government can't see that you've signed up for Pornhub using the app.
https://www.eff.org/deeplinks/2025/04/age-verification-europ...
Having to use passports or poor solutions like face scanning isn't good enough. I guess the reason they don't do this is because they fear the cost, anything governments price up these days seems to be in the billion range. So the politicians who don't understand how cheap it is to build software assume it's way out of their price range.
It is literally illegal to slap a few lines of glue code and say “there’s your age verification, look how cheap it is.” The public would be happy about saving money right up until there’s a massive privacy breach and all the ways you cut corners are exposed.
I don’t know if leaving the standards unspecified is the right thing to do (it’s probably not), but don’t pretend like a government verified solution could ever be cheap when dealing with citizens’ identities.
The US refuses to do this, so we get a mess. Every state has different drivers license, Social Security numbers aren’t secure at this point, most people don’t have passports.
But if there was a true national ID, the government could provide APIs to verify those. Then these kind of things would be easy for the apps/sites.
All of that obviously ignores the problems in privacy from doing any of this in the first place, etc. i’m starting to think I’m on the side of our national ID given how much of a mess everything is with our current patchwork. But I certainly wouldn’t want to be giving it over to random sites.
We have sort of accidentally set up a system in which verifying someone’s age is a really really hard problem. If a credit card number or trying to use a photograph are the best tools we have it’s clear this doesn’t work.
Not saying it’s good or bad. Just that it’s intentional.
https://en.wikipedia.org/wiki/BankID
Need to buy "toys", vape products, alcohol... anything adult online?
There's a 3rd party web app (you rightfully don't trust) as an age check in the shopping cart / user account of any of these adult shops, and this has multiple ways of verifying your age - and one of them is the bank's api, you pick it, your bank's identity sharing page loads, you log in, it shows exactly what information will be shared in a bullet point list, you tap OK, immediately a request like "this app wants to know your age, please verify" pops up in your smart banking app on your phone, you tap ok, fingerprint scan, DONE.
Problem solved. The 3rd party app knows just what it needs to. All of this takes maybe a minute and your personal info is perfectly safe (unless you don't trust your bank at which point you have bigger problems to worry about...)
Everyone that have worked on passwordless authentication is ultimately responsible for this death of internet anonymity.
For example, our id's have a qr on it that contains some basic info. Why not provide a platform for age checks with that qr? Anyway, fuck them. Education goes a lot further than trying to force identity verification on private companies when there is no real life threat in play.
Here’s Google’s doc:
https://developers.google.com/wallet/identity/verify/accepti...
Looks like it will support zero knowledge proofs?
I, for example, couldn’t add my driver’s license even if I wanted to.
Not that different from "Drink a verification can to continue". Hilariously dystopian.
I hope they just improve that performance, rather than see this and back out of it entirely and require ID checks.
And that's why it's been bypassed already
On the other note, can one attach chrome devtools to any electron application?
Not the broken anti-competitive Google play store integrity (which is passing for any handset not patched for the last 8 years but with Google buttplug in it, effectively nullifying assurances from the attestation), but a proper hw attestation.
We want a broken and easily bypassable system that only exists to make do-gooders think they did good.
Some of the age verification systems that use digital ids (mDLs) do the same thing but people freak out about how they work because I think they misunderstand the tech.
They system basically asks the mDL via an api call "is this user above the age of 18/21" and the app only responds with a yes or no. It doesn't pass the users fulls details over or anything like that.
As in, if I repeatedly ask for age verification to the same service, does it know:
1) the identity of the user making the request, and 2) whether repeated requests comes from the same user (even if they don't know who it is?)
The vendor is https://www.k-id.com in Discord's case
Personally, I will never use Discord and they just gave me another reason not to.
Either way, when I see a person or business advertise a Discord link, I immediately think of either as immature.
I miss the days of forums, and wish something like them could thrive again instead of rather private, but importantly ephemeral chats.
Open source projects have long had ephemeral chats, private to the people in the chat at that moment - it just used to be called IRC.
This Epic, which famously had to pay half of billion USD settlement when they got caught for law breaking (collecting personal data without consent. Clearly against the law, because they knew they're collecting details of children) : https://www.exterro.com/resources/blog/data-privacy-alert-ft...
Did you never wonder why VPN ads don't really list any actual use cases, yet they're wildly popular? If you know what you need it for, the ad doesn't have to tell you - just has to tell you which company to give your money to.
> Concerned parents, it said, should block or control VPN usage.
Hilarious. I wonder if they realised...
Ridiculous.
And yeah, absurd.
(iOS Safari)
Okay turning off content blockers did the trick. AdGuard was blocking the whole site for some reason.
A law must mandate that an "adult" version of OS (or device) may be sold only to adult users. It is not difficult for Microsoft/Apple to implement this yet they do not want to for some reason.
This would allow more reliable age verification, without revealing identity of account owners. Well, maybe the govt wants exactly the opposite.
The Industrie enforces new rules and suddenly it costs $150000 and has awkward requirements to get your OS certified adult.
For the years to come only the most recent windows versions and customer devices like phones will work. No Linux will pay to get a standard they haven't asked for. Embed devices will stop working as more and more stuff gets simply flagged "adult only"
Just don't ... :)
Edit:// see Silverlight, or why it took years until something like Netflix was even legally technically possible
> This bill would require, among other things related to age verification on the internet, a covered manufacturer to provide an accessible interface at account setup that requires an account holder, as defined, to indicate the birth date, age, or both, of the user of that device for the sole purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store and to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed. The bill would define “covered manufacturer” to mean a person who is a manufacturer of a device, an operating system for a device, or a covered application store. The bill would require a developer to request a signal with respect to a particular user from a covered manufacturer when that user requests to download an application.
> This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.
[0] https://legiscan.com/CA/text/AB1043/2025 [1] https://legiscan.com/CA/text/AB1043/id/3134744
If you want to know more about this lovely bait-and-switch tactic used by the Golden State's legislature, see here: https://californiaglobe.com/uncategorized/gut-and-amend-bill...
I don’t understand why other countries can’t do the same.
How about we don't make lists of people visiting porn sites? How about we accept that children are part of society and not try to put them in little cages like songbirds?