Even if you could do this in every single country (it would already be extremely hard to actually do this in the United States reliably, and I can only imagine it is basically a non-starter in a lot of developing countries) it does pose so, so, so many problems.
- How can you ensure the system can't be abused if there's no identifying information passed? Don't get me wrong, this is also a problem with current systems, maybe even worse. But if it's privacy preserving, ... Almost all kids under 18 have parents or guardians. Almost all of those parents or guardians are 18 or older. So literally all you have to do to bypass age verification is steal their ID for a few minutes? There are also a myriad of solvable problems that aren't guaranteed to be solved without care, like ensuring that the same ID is not used 100,000 times.
- This is a job that is best suited for the government to handle. The internet is global though, and there are a lot of governments. In the U.S., there is in fact not one federal ID, but instead we use state IDs. I assume that means you now need to handle around 50 different state IDs to be able to verify someone's identity, but it actually gets even worse than that, because some people will have IDs, and some will have drivers licenses, because oddly enough that's just how we structure IDs here. People without drivers licenses may have state IDs which are often intentionally visibly distinct to make sure they can't be mistaken for the other. In states I'm aware of, you'll never have both, the driver's license acts as a state ID if you have one. Now scale that to every country on Earth.
- As insane as it may sound, there are plenty of people who don't have essentially any form of ID. You might think I'm over-estimating the numbers with "plenty", but even just in the United States, it's literally over 2.5 million, off the top of my head. (No idea what the best source is here.) The closest thing we have that every citizen is supposed to have is Social Security, but that isn't really usable as a form of ID for various reasons. (And frankly it's a pretty terrible means to verify someone's identity at all anymore in the Internet age, but oh well.)
I'm totally sympathetic to the fact that people really don't want their kids browsing porn on the Internet, but children basically can't pay for Internet access or afford iPhones. I think it's insane that people keep suggesting using advanced cryptography, zero-knowledge proofs, privacy pass tokens or whatever else for a problem that so clearly needs to be solved socially and not technically. (And obviously, only the surface-level aspects of this are really about porn. We all know it's deeper than that, and if it wasn't, the UK would readily exempt Wikimedia from these requirements. I hope nobody here is deluding themselves into thinking this is a noble effort.) You are literally giving your children a device that can easily obtain porn and letting them use it unsupervised. It's not like it was a secret: Avenue Q told you everything you needed to know. I get that raising kids is hard and society pressures you to do this, but isn't that the problem you'd rather tackle?
The problem is that we've let this idea that you can solve the problem like this enter the mainstream, and now that we have, even smart and reasonable people may accidentally convince themselves that it is tractable just because it is technically feasible to devise such a system. This is bad because we're going to waste a lot of energy repeating ourselves on thinking about the entirely wrong way to look at things.
> Almost all kids under 18 have parents or guardians. Almost all of those parents or guardians are 18 or older. So literally all you have to do to bypass age verification is steal their ID for a few minutes?
Presumably this is the purpose of the PIN, which I assume is in the owner's head, not on the card (otherwise it would be redundant with the NFC chip).
Look, I'm not trying to paint the picture that the problems aren't technically solvable; the fact that it kind of is is the part that makes this discussion so durable.
I admit that PIN verification would make it harder to bypass the system, though to be honest with you, I think it's also not really hard to realize that some kids will still manage to figure out their parent's PIN numbers, which they will likely re-use for their bank cards and a bunch of other shit, because most people don't really want to have to come up with 10 different PIN numbers, and we all kinda get the idea that PIN numbers aren't really that secure in the first place. Adding a PIN number requirement is probably a wise idea, but it does make the system a bit more of a PITA for everyone as people will inevitably forget their PIN and need to reset it or what have you. And I reckon that's basically how each countermeasure for problems of these systems go, each one just adds a little bit more pain depending on how hell bent you are on making it work. (I think the PIN number is good enough for trying to prevent someone for stealing your identity with your ID card to an extent, but not as good against people you live with misusing your ID card.)
Of course, you could keep going. You could try to come up with counter-measures to discourage someone from re-using their ID card for other people, and probably at least limit the impact of some of these issues to make the system basically work.
Even if you really do concoct the perfect solution for one country, you then have to make sure this problem gets solved correctly in every individual federal government, and then anyone who wants to offer adult content online has to individually handle identity verification across all countries that require it.
Meanwhile, we already have a system where essentially only adults can buy devices to connect to the Internet, and Internet service plans. You can't even get a debit card in the U.S. without being at least 18 years of age.
The 'bank <-> majority' solution was one I was favorable of... until we were recently reminded with Steam / Itch how the payments system does engage in extra-legal censorship.
We can fix the extra-legal censorship problem. Hell, it might've already happened in the U.S. possibly, because of Donald Trump's "Fair Banking" executive order; I know it couldn't have been the intent, but as written it sure sounds like it unambiguously makes it illegal to deny banking access for legal activity, and sounds like it might even apply to payment processing. I guess the plan after that is probably to strongly regulate adult content as part of Project 2025, but still, it does show that we could actually regulate payment processing such that you can't just claim harm to brand image and block of legitimate customers. I especially agree with this if we're going to do nothing about the massive obvious monopolies in the space.
> all you have to do to bypass age verification is steal their ID for a few minutes?
There are numerous interesting and/or problematic aspects of this, but this question is perhaps the least interesting.
If your kid, or anyone else really, steals your ID then age verification is the least of your problems. They could transfer all your money, move house, get married, change your name or a myriad of other much more serious things. Willingly letting your kid use your ID would be borderline illegal and not an insurance in the world would cover it.
> literally over 2.5 million
These people have never borrowed a book, visited a doctor, paid taxes or opened a bank account? There are many things in society that require validating who you are. Surely they have some form of ID. Perhaps just a more insecure one than a cryptographically signed.
I don't think a federal identity is as far fetched as you make it sound, for better and for worse.
> If your kid, or anyone else really, steals your ID then age verification is the least of your problems. They could transfer all your money, move house, get married, change your name or a myriad of other much more serious things. Willingly letting your kid use your ID would be borderline illegal and not an insurance in the world would cover it.
Yes, for most people, your kid absolutely could accomplish all of that. I absolutely could've done that as a kid. This is well-documented, you can find many cases of it actually happening. Kids can also steal your car keys and crash it, they do that. It's just that most kids don't just randomly go and commit crimes like steal all of your money, but they absolutely lie about being 18 and bypass restrictions meant for them. (Like for example, clicking 'I am 18' on websites when they're not. I've never done that, of course.)
> These people have never borrowed a book, visited a doctor, paid taxes or opened a bank account? There are many things in society that require validating who you are. Surely they have some form of ID. Perhaps just a more insecure one than a cryptographically signed.
> I don't think a federal identity is as far fetched as you make it sound, for better and for worse.
There's a lot of Americans who would have some choice words about that, and I suspect that is why we have 2.5 million Americans with no form of photo ID.
Also, I actually agree a federal ID is generally doable. I don't think it's a good solution for this problem, and I think it will be very difficult to enforce this one in the U.S. for cultural reasons.
> In the U.S., there is in fact not one federal ID, but instead we use state IDs.
That's only partially true. We also have federal IDs: passports, passport cards, permanent resident cards, DoD Ids, Transportation Worker IDs. There's also some other federally issued IDs listed as Real ID compliant [1], but I've never seen them so I didn't list them.
That's not exactly what I mean though, I really mean to say that there's no federal ID that you can basically rely on people having. I totally get that there are actually federal IDs, and probably could've worded that a bit better.
What I really mean is that among IDs you might expect every citizen to actually have, state IDs are basically the most reliable and even that only gets you around 99% of the way there.
- How can you ensure the system can't be abused if there's no identifying information passed? Don't get me wrong, this is also a problem with current systems, maybe even worse. But if it's privacy preserving, ... Almost all kids under 18 have parents or guardians. Almost all of those parents or guardians are 18 or older. So literally all you have to do to bypass age verification is steal their ID for a few minutes? There are also a myriad of solvable problems that aren't guaranteed to be solved without care, like ensuring that the same ID is not used 100,000 times.
- This is a job that is best suited for the government to handle. The internet is global though, and there are a lot of governments. In the U.S., there is in fact not one federal ID, but instead we use state IDs. I assume that means you now need to handle around 50 different state IDs to be able to verify someone's identity, but it actually gets even worse than that, because some people will have IDs, and some will have drivers licenses, because oddly enough that's just how we structure IDs here. People without drivers licenses may have state IDs which are often intentionally visibly distinct to make sure they can't be mistaken for the other. In states I'm aware of, you'll never have both, the driver's license acts as a state ID if you have one. Now scale that to every country on Earth.
- As insane as it may sound, there are plenty of people who don't have essentially any form of ID. You might think I'm over-estimating the numbers with "plenty", but even just in the United States, it's literally over 2.5 million, off the top of my head. (No idea what the best source is here.) The closest thing we have that every citizen is supposed to have is Social Security, but that isn't really usable as a form of ID for various reasons. (And frankly it's a pretty terrible means to verify someone's identity at all anymore in the Internet age, but oh well.)
I'm totally sympathetic to the fact that people really don't want their kids browsing porn on the Internet, but children basically can't pay for Internet access or afford iPhones. I think it's insane that people keep suggesting using advanced cryptography, zero-knowledge proofs, privacy pass tokens or whatever else for a problem that so clearly needs to be solved socially and not technically. (And obviously, only the surface-level aspects of this are really about porn. We all know it's deeper than that, and if it wasn't, the UK would readily exempt Wikimedia from these requirements. I hope nobody here is deluding themselves into thinking this is a noble effort.) You are literally giving your children a device that can easily obtain porn and letting them use it unsupervised. It's not like it was a secret: Avenue Q told you everything you needed to know. I get that raising kids is hard and society pressures you to do this, but isn't that the problem you'd rather tackle?
The problem is that we've let this idea that you can solve the problem like this enter the mainstream, and now that we have, even smart and reasonable people may accidentally convince themselves that it is tractable just because it is technically feasible to devise such a system. This is bad because we're going to waste a lot of energy repeating ourselves on thinking about the entirely wrong way to look at things.