What are your thoughts and experiences on stricter age verification?
What are your thoughts and experiences on stricter age verification?
By this I mean sites requiring stricter validation for accessing adult content, rather than just a simple checkbox. Stuff like credit card details or photos of government IDs.
This has been something that's been rattling around in the back of my mind for a while now. And with the place I live passing legislation requiring porn sites to use stricter verification, it's starting to feel like a real thing that can happen.
And... Honestly, it looks like this is probably going to start to be a thing everywhere, seeing how the world is going. To the point where VPNs are probably not going to stay a good way of bypassing it.
It's causing me an unhealthy amount of worry, because of all the privacy implications and the fact that it means some sites could pull out of my country entirely.
I figure I may as well ask people's thoughts and experiences here, rather than reading the same articles on Google over and over.
So, I guess some questions:
- Have you done any of this kind of verification before? How did you find it? Do you trust them with your identity?
- Would you consider sending images of your government ID to Discord/Google/Twitter/Bluesky/Furaffinity/esix to access adult content? They promise they use a third party verifier and delete it after use, of course.
- What about using less "important" forms of ID, like phone numbers, credit card numbers and whatever AI face scanning technology is hot right now?
- What about verifying for Yiffit and/or your favourite mastodon/lemmy servers? Presumably they'll also defer to a third party verifier, but I feel they'll try to go for a privacy focused one.
And let's not talk too much about specific jurisdictions and whether or not they are "right" to do this kind of thing. Or if it's going to be effective or not. I'm sure we all have thoughts about this, but that conversation isn't likely to go anywhere.
@wander , if you have the time, I'd also be interested in hearing your thoughts on this, as a site operator. Especially considering France is one of the places trying to push this.
Hello! Apologies for not seeing this earlier.
In case anyone's wondering my position on this matter, it's this:
- There is 0.00% chance that yiffit.net or packmates.org will implement any sort of ID verification system. I'd rather host the site in any other different jurisdiction than to jeopardize the privacy of our users or contribute to a version of the internet that's riddled with surveillance nightmares.
In the worst case scenario the site would even change owners (if my physical jurisdiction played a role in the matter) or I'd find any other way. This is not something I'm worried about since we have no shareholders, no need to be profitable in any way, and don't report to anyone but to ourselves.
Furthermore, if the internet continues going down such a path and there is a legal way to help people circumvent draconian restrictions by offering services such as a VPN, I would definitely look into hosting such a service. If there's anything I'm afraid of, it's the amount of time and effort I know I'm capable of recklessly sinking into privacy-oriented projects just to spite anti-queer, authoritarian and surveillance-state political initiatives :P
So, rest assured that Yiffit and Packmates will not make such ID a verification ever a requirement and I'd even encourage you to find ways to avoid any sites that make such requirements.
PS. We're now hosted in Germany by the way!
@Wander I'd like to think that I have some experience in hosting privacy-based services. I may block tor on my own website (mostly for security purposes), but I totally understand the need for privacy and would happily help set up a wireguard VPN or tor node to help that along.
Thank you for the offer. It's super appreciated. Right now I don't think it's necessary, but who knows what the future of the internet holds. If you have any idea or suggestion yourself, don't hesitate in letting me know!
There is no way I will ever submit a credit card or any official ID to a website that I have no idea of the data security in place. That is just an invitation to scammers to attack the site.
Or to cut out the middle man, it could be a great way to set up an identity stealing business.
Set up site.
Collect details.
Announce breach or not and just use the details gained.
No. This is a terrible idea that should not be tried.
@vlad76 @AwoosWhenClose
Strongly against this ideait might be innocent todays, what you do could be totally fine and legal today,
But you cant predict what happens tomorrow
Any pile of data, photos for face identification, verified traces of where you have been on the web and what you did there, could be stored forever any any time decades later used against you
Keep your online life hygienic
One server i was on required a photo of a drivers license or similar, with my username written next to it, but they encuraged you to blur out everything you could, except date of birth. At that point i'm no longer worried about any privacy issues
You might say that no longer proves your age, but a photo of the ID with all the detail doesn't prove anything either (how would you know it was really my ID?) so it works just as well
Had this issue with a fucking telegram group of all things and just started clowning on them sending obviously fake IDs.
I think a paw print should be sufficient
Even weak biometrics are somewhat identifiable, even ones that seem somewhat common may still be able to identify you, not very well but still best to just not to take the risk.
It is not technologically possible to verify an internet user's identity, there's always a way to bypass it. Best you can do is raise the barrier to entry, which is definitely something but is not equal to it being impossible.
Having said that, if it was possible to verify an internet user's identity, it would be necessary to make it illegal. Age verification being possible at all would be a disaster, we would need to invent ways to make it impossible so the internet can continue to exist.
Okay, wow. Thanks to everyone for responding, I appreciate it. To be honest, I wasn't expecting it to be quite so negative about the whole thing. I don't know why I wasn't expecting that, considering that we are a group of people that moved from a pro-privacy platform because it wasn't pro-privacy enough. But anyway.
I think that... Honestly, this being commonplace is going to be inevitable. The global mindset around this is changing, and even though we may fight against it, it feels to me to be an inevitability. Maybe I'm wrong. I hope I'm wrong. But I'm not optimistic.
I mean, I hate it and it sucks, but honestly at this point I'd probably go through with this kind of verification. Assuming I could trust the sites or third party authentication or whatever. I guess my fear of loosing access beats my desire for privacy... And besides, I already pay for stuff on Patreon, so my identity isn't exactly secret.
One way of doing this privately I did see people suggest (and I think was being looked at by my government?) was the following:
- You buy a card with a code from an IRL shop (who does the age checks with a driving license or whatever), which is valid for 24 hours.
- You make an account with an identity provider using this code (maybe they'll also want other information as well, because of course they will).
- With this account, you can then generate any number of random single use codes to give to adult sites to log in. They won't be able to see any of your account details, but they can use it to verify only that you are over 18.
(Of course, I know this isn't exactly perfect but it's hopefully good enough)
Hopefully a standard like that can arise, but I assume most third party identity providers will probably just use images of IDs and photographs. At least they promise to delete them afterwards, and I (perhaps naively) trust that most of them will.
Still, on the upside, if Telegram and Discord do go through with this and use proper third party identity services, they can hopefully allow you to share that with servers you're in, which means they don't have to do their own verification (which they'll do sloppily).
Personally, I hope Mastodon and Lemmy integrate support for these third party age verification services rather than pulling out of certain countries on principle.
Anyway, enough devils advocate and hoping that everything will be fine and work out in the end. Downvote away!
... Yeah, I'm really scared and terrified at what the government will require. Especially when it comes to social media services like Discord and others (which it has in its sights). Hopefully nothing will come of it and the internet can go back to what it used to be...
Fuck I'm messed up psychologically. ;_;
I am in favor of stricter age verification laws. Certain services and content shouldn't be easily accesible to children. Fortunately a lot of the more serioues ones, like gambling sites, already have these in place. But there are a lot of things still out there that could really use stricter age verification but isn't as important to go through the efforts of uploading an ID or linking your bank account. Examples would be: Video games with micro transactions, Social Media, Online Vendors, Dating Sites, and yes Pornographic content as well. Not all of them need to be 18+.
I really like the propsed solution by the French Government. A double anonymity system is perfect. You have one service that verifies your age and then generates a token for you and you use that token to verify your age. The token doesn't inlcude any personal information and if done correctly the services that generates the token also can't link you to a specific site. That sounds perfeclty reasonable, both for the users and the companies involved.
But I don't think it will replace uploading your IDs all that much. Sometimes you need to proof your identiy not just age. And I have used plenty of online services that require this in the past.
The double verification idea sounds good on paper, but still has some of the privacy implications uploading your ID has. For starters, you can really easily be tracked along the net for advertising purposes, and you can't just change a TOR/VPN output node and vanish.
Then there's the hacking problem. How can you trust that the verification company will keep your data safe? LastPass (I believe it was called that) lost the passwords of thousands of people, and they're supposedly a really professional and secure company that is focused on storing passwords.
And that's without taking into account the fact that any government or 3 letter organization can just ask this company and easily know where you've been.
I would never trust any system that requires a unique ID to verify your age/existance, and I would never upload an ID, drivers license or anything similar to a company I don't know.
The service providing the age verification doesn't know the site you needed the age to be verified for. So the government or anyone else can't just ask them because they don't know. There also is no reason for them to store your data so hacking wouldn't be a problem either. Obviously there is the danger of them ignoring the law/guidelines and storing a copy of your ID anyhow. But with enough oversight and control the risk should be minimized.
The fear of hacking is also overblown. Worst case scenario they get a copy of your ID and a single picture of your face. That would suck but they can also get that by hacking a bank, the DMV, an airline, a hotel booking site. There are so many places most people have a copy of their ID already that the fear of it being stolen in a hack isn't really a valid argument against the service. The age verification service isn't going to increase your risk at all.
And the entire point of the system is to create a service you can trust enough to upload your ID to. That is similiar to a bank, an airline, or a government agency.
That double verification system sounds like a very good solution to this problem!