Skip Navigation

What are your thoughts and experiences on stricter age verification?

By this I mean sites requiring stricter validation for accessing adult content, rather than just a simple checkbox. Stuff like credit card details or photos of government IDs.

This has been something that's been rattling around in the back of my mind for a while now. And with the place I live passing legislation requiring porn sites to use stricter verification, it's starting to feel like a real thing that can happen.

And... Honestly, it looks like this is probably going to start to be a thing everywhere, seeing how the world is going. To the point where VPNs are probably not going to stay a good way of bypassing it.

It's causing me an unhealthy amount of worry, because of all the privacy implications and the fact that it means some sites could pull out of my country entirely.

I figure I may as well ask people's thoughts and experiences here, rather than reading the same articles on Google over and over.

So, I guess some questions:

  • Have you done any of this kind of verification before? How did you find it? Do you trust them with your identity?
  • Would you consider sending images of your government ID to Discord/Google/Twitter/Bluesky/Furaffinity/esix to access adult content? They promise they use a third party verifier and delete it after use, of course.
  • What about using less "important" forms of ID, like phone numbers, credit card numbers and whatever AI face scanning technology is hot right now?
  • What about verifying for Yiffit and/or your favourite mastodon/lemmy servers? Presumably they'll also defer to a third party verifier, but I feel they'll try to go for a privacy focused one.

And let's not talk too much about specific jurisdictions and whether or not they are "right" to do this kind of thing. Or if it's going to be effective or not. I'm sure we all have thoughts about this, but that conversation isn't likely to go anywhere.

@wander , if you have the time, I'd also be interested in hearing your thoughts on this, as a site operator. Especially considering France is one of the places trying to push this.

22

You're viewing a single thread.

22 comments
  • I am in favor of stricter age verification laws. Certain services and content shouldn't be easily accesible to children. Fortunately a lot of the more serioues ones, like gambling sites, already have these in place. But there are a lot of things still out there that could really use stricter age verification but isn't as important to go through the efforts of uploading an ID or linking your bank account. Examples would be: Video games with micro transactions, Social Media, Online Vendors, Dating Sites, and yes Pornographic content as well. Not all of them need to be 18+.

    I really like the propsed solution by the French Government. A double anonymity system is perfect. You have one service that verifies your age and then generates a token for you and you use that token to verify your age. The token doesn't inlcude any personal information and if done correctly the services that generates the token also can't link you to a specific site. That sounds perfeclty reasonable, both for the users and the companies involved.

    But I don't think it will replace uploading your IDs all that much. Sometimes you need to proof your identiy not just age. And I have used plenty of online services that require this in the past.

    • The double verification idea sounds good on paper, but still has some of the privacy implications uploading your ID has. For starters, you can really easily be tracked along the net for advertising purposes, and you can't just change a TOR/VPN output node and vanish.

      Then there's the hacking problem. How can you trust that the verification company will keep your data safe? LastPass (I believe it was called that) lost the passwords of thousands of people, and they're supposedly a really professional and secure company that is focused on storing passwords.

      And that's without taking into account the fact that any government or 3 letter organization can just ask this company and easily know where you've been.

      I would never trust any system that requires a unique ID to verify your age/existance, and I would never upload an ID, drivers license or anything similar to a company I don't know.

      • The service providing the age verification doesn't know the site you needed the age to be verified for. So the government or anyone else can't just ask them because they don't know. There also is no reason for them to store your data so hacking wouldn't be a problem either. Obviously there is the danger of them ignoring the law/guidelines and storing a copy of your ID anyhow. But with enough oversight and control the risk should be minimized.

        The fear of hacking is also overblown. Worst case scenario they get a copy of your ID and a single picture of your face. That would suck but they can also get that by hacking a bank, the DMV, an airline, a hotel booking site. There are so many places most people have a copy of their ID already that the fear of it being stolen in a hack isn't really a valid argument against the service. The age verification service isn't going to increase your risk at all.

        And the entire point of the system is to create a service you can trust enough to upload your ID to. That is similiar to a bank, an airline, or a government agency.

        • I get that I may sound a bit paranoid about this, but I still wouldn't trust that system. How can I know for sure they aren't keeping a track of my whereabouts?

          Every website that verifies you needs to ask the service whether you're real or not. How can you be sure they're not telling it who they are? How can you be sure the verification service doesn't know who the requester is?

          Same thing goes for storing the ID. You really can't trust when they say they delete the info they get, or that they treat it correctly. But even if they weren't storing the IDs, it'd allow for possible physing attacks or even man in the middle attacks. Remember, all traffic on the internet can be seen by anyone in between you and the server hosting the service. If someone made a copy of that data, in 15 years time they could be able to decrypt it.

          And no, I've never uploaded a photo of my ID to any bank, airline or gov agency. I've always done this stuff in person, and if a website asks for a photo of an ID, that's a big red flag for me.

          But my biggest concern isn't even the security implications of it all. The internet has been working fine without those restrictions for more than 30 years. Why are they so important all of a sudden?

          If children connecting and accessing porn websites is such a big problem, why don't we teach parents how to block them in their router? Instead of funding a company that verifies people's age, the governments could fund the creation of a constantly updated domain blocklist for those pages, and there would be no security or privacy implications.

          • If children connecting and accessing porn websites is such a big problem, why don't we teach parents how to block them in their router? Instead of funding a company that verifies people's age, the governments could fund the creation of a constantly updated domain blocklist for those pages, and there would be no security or privacy implications.

            Don't get me wrong, I am in full agreement with you on the fact we should trust no one online to send our ID's in to be verified. The idea is absolutely criminal and reckless. I don't care if it is being done through a third party that merely gives you a token to access naughty sites.

            It's all an abuse of power and should be cut off like a cancerous tumor.

            But the problems with teaching parents to use a router means you will be limiting them down to one brand of router because every other brand has a slightly different interface. Or we introduce regulations to have a standardized interface across all routers.

            And if it is anything like the old apple airport routers or even the Google Wifi or Google Nest routers you need a specific app installed to access their features and functionality.

            I am not sure how it is in Europe or the UK, but in the US, not many parents are not technically inclined and not willing to go digging deeper into their router settings or look up ways to use the router to full effect to better shield their own kids from things like pornography.

            All that most people know is that router goes burrr and that is it.

            They look towards more technically inclined people to help them fix their computers, setup Plex, and maybe setup domain Blocklist if they have been informed about it.

            Most people do not want a class teaching them how to use a router to shield their kids from things like pornography. They want the simple and easy solution like a Token system since it takes all the work of protecting their kids off their shoulders.

            It makes governments like the US happy because many parents are lazy, they do not want to really raise their kid, so politicians will introduce laws like this because "it is to protect the children!"

            A dog whistle I am all to sick of hearing...

            • Sadly, I agree with you. Most parents don't know how to configure routers or networks.

              It's sad to see, because that was the strategy of big internet corporations. Dumb down the complicated process of using the internet, create proprietary solutions that "just work" and teach people that they don't need to know what they're doing anymore, that experts will take care of it.

              And while it was great and brought the mass adoption of the internet, it also created a generation that uses everything while knowing very little. It's not only routers or network stuff. I've met people who use Windows daily and didn't know how to install an app or even use the file explorer (they just dropped everything on their desktop). Some people don't even know the difference between the internet and Google.

              But these companies and corporations should be limited. There shouldn't be any product that, after purchasing it, you need to download an app in order to use. There shouldn't be any router that purposefully slightly changes GUIs so people are stuck with that brand. Governments should start doing something about it, but most people in power don't understand technology either.

              And by the way the internet is evolving, privacy will soon be almost impossible to have. You need to give X corporation your data in order to create a user account on your computer, you need to upload your ID to every webaite who asks, you need to have your phone tapped in order to use your washing machine...

              I know it's a very pessimistic point of view, it's just a little rambling on my thoughts on the web. But it really feels like the web is devolving lately, specially with Google's DRM, Manifest V3, Microsoft's ads in Windows or Apple's walled garden.

              I don't want to give up my privacy everytime I connect to the internet, and for now I've at least had the option to choose. But if governments start implementing measures like these, I can't really choose an alternetive, it's either no social media and limited internet or give up my info to a 3rd party.

              I've already accepted that I'll have to trust some government agency or third party company in order to verify I'm a human or that I'm 18+. But it feels like I'm losing something, not like I've contributed to the security of the net.

          • There is no technological solution proposed yet so I can only speculate. But there are ways to make sure no personal information is exchanged.

            The token doesn't need to be unique to you. You simply have a global token for each age bracket that changes every 15 minutes or so. Unless you are the only person to use that token they will have a hard time tracking you.

            And there isn't even the need to send a request to the service. You make the verification self-contained with the site you are signing up to. Kinda how some authenticatiors work. They still work even if you are offline. You just gain the code to the authenticator after verifying your age.

            Then organizations that concern themselves with privacy can monitor the system to see if any unnecessary communication is made. You probably could even track it yourself.

            Saying we where fine for the past 30 years isn't a good argument. The situation changed, children have more and more access to the internet. Pushing the responsibility on the parents won't work. Especially not blocking sites in your router. We already see it with piracy related sites that blocking access to them is a lost battle.

            And this doesn't just concern pornographic sites. It can be implemented in a side range of use. It can be used to limit access to social media sites. It can be used to prevent minors to sign up for dating sites. It's not too long ago an article came out that certain dating sites are frequently used to groom minors. It can restrict features in certain video games, like the online shop.

            So many things have changed in the internet over the past 30 years. People used to store passwords in clear text. Financial institutions had no oversight at all. Gambling was available to minors. Issues have been resolved as they become more pressing. And a better age verification system for online services is something that will barely inconvenience most adults but protect a bunch of kids. So in my opinion it would be worthwhile.

            Yes it's not fool proof, yes people will find ways around it, yes sketchy sites will just operate in countries that don't care. But just because a law and system isn't perfect doesn't mean it's useless.

            • I'm not really knowledgeable about verification tokens or verificayion algorythms. I don't know if what you say is possible and secure, as everyone can just copy the "35 years old" token and send it instead of their "14 y o". But I may be really wrong on this one or missing an important thing.

              I'm sure we can figure something out, and I'm sure a secure and private algorythm can exist. But who controls and makes it? Wouldn't corporations be incentivized to collect data on their users? They can even anonymize it and sell it. It would technically still be private, because it doesn't have your name on it. But big enough corporations can still assign that information to you. They know that much about you.

              I know it's pessimistic, and I totally understand and even agree with you in that blocking domains isn't really a good solution. It could work with less technically inclined children, but there will always be a way to circumvent it.

              And I also agree that laws and regulations can't be perfect. There will always be a downside to everything. In this case I'd prefer if they didn't implement the regulation, but who am I to complain. I just wish there were a better alternative for everyone.

    • That double verification system sounds like a very good solution to this problem!

22 comments