top | item 46764209


ed_blackburn | 1 month ago

I think we need to accept that age verification makes the internet safer. What we cannot accept is age verification's use as a mechanism to pry too far into people's lives. When we can separate age verification from who am I, most people will be happier. What's tricky is who validates age? Your ISP? Your government? Your OS? A third party? Who accredits third-parties, and can you trust them? I'm convinced there's a way to solve this so we can keep the internet safe and not intrude massively on people's privacy.


ed_blackburn|1 month ago

I think the creeping invasion of privacy argument is backwards here. What we have today isn’t privacy, it’s abdication. Platforms are externalising risk onto parents and pretending the internet is exempt from the safeguards we accept everywhere else.

Either the tech industry solves this, or governments will. That’s not ideology, it’s capitalism. If we don’t build workable, privacy-preserving primitives, regulation will arrive in the most blunt form possible.

There’s a reasonable middle ground. Identity can be a first-class citizen without being leaked to every website. I don’t need to hand over my name, address, or documents to prove I’m over 18. I need a yes/no assertion.

Imagine the browser exposing a capability like:

> “This site requires age verification. Are you over 18?”

The browser checks via a trusted third party credential and returns a boolean. No DOB. No tracking. No persistent identifier. Just a capability check, much closer to how physical ID works than today’s data-harvesting mess.

As a parent, I already police my kids as best I can, and it’s imperfect. But the offline world has friction and gates: bars check ID, cinemas enforce ratings, shops refuse sales. Those mitigations don’t make parents redundant; they support them.

Online, we’ve chosen to pretend none of that is possible. That’s not a principled privacy stance.

If we don’t design these primitives ourselves, we will get crude, insecure age databases, mandatory uploads of passports, or blanket bans instead. This is the least bad option, not a slippery slope. Collectively we have solved far harder problems.

chrisjj|1 month ago

> I'm convinced there's a way to solve this

Then you will be rich. Because no-one else has found a way to keep your age private whilst disclosing it.

bjackman|1 month ago

I don't think it's possible? You could imagine some sort of certificate scheme where the govt issues a thing that says to a 3rd party "we certify this person is 18 but in a way that doesn't reveal who they are". You could also implement that in a way where, even if the 3rd party reports the details of an authorisation to the govt, the govt can't say who was involved in that auth.

But in the latter case, the system is wildly open to abuse coz nobody can detect if every teenager in the country is using Auth Georg's cert. The only way for that to be possible is if the tokens let you pseudonymise Georg at which point it's no longer private.

The answer is to leave this shit to parents. It's not the government's job. It's not the government's business.
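
Added example, not part of any comment in this thread: a sketch of the certificate scheme described above, using RSA blind signatures (a technique chosen here for illustration; the thread names none). The toy key, the function names and the three sample users are assumptions constructed for the demo. It shows both halves of the trade-off: the issuer cannot match a reported token to an issuance, and the site's check has nothing in it that ties a credential to its holder.

```python
import hashlib, secrets
from math import gcd

# Constructed toy issuer key (two Mersenne primes): illustration only, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer's private exponent

def h(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

def blind(token: bytes):
    """User: mask the token with a random factor r before sending it to the issuer."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int) -> int:
    """Issuer: age was checked out of band; signs a value it cannot read."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

def site_verify(token: bytes, sig: int) -> bool:
    """Website: a yes/no answer. Nothing here identifies the holder, so a
    copied (token, sig) pair verifies exactly like the original."""
    return pow(sig, E, N) == h(token)

def plausible_issuances(token: bytes, issuer_log: list) -> int:
    """Issuer, given a token the site reported: count the log entries that
    could have produced it. For each entry some blinding factor r fits."""
    inv = pow(h(token), -1, N)
    return sum(1 for b in issuer_log
               if (h(token) * pow(pow(b * inv % N, D, N), E, N)) % N == b)

def demo():
    issuer_log, creds = [], []
    for _ in range(3):                      # three users, constructed
        token = secrets.token_bytes(16)
        blinded, r = blind(token)
        issuer_log.append(blinded)          # all the issuer ever sees
        creds.append((token, unblind(issuer_sign(blinded), r)))
    token, sig = creds[0]
    return site_verify(token, sig), plausible_issuances(token, issuer_log), len(issuer_log)
```

`demo()` returns the site's verdict, the number of issuer log entries consistent with the reported token, and the log size; the last two are always equal, which is the unlinkability property.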