this post was submitted on 24 Feb 2026

27 points (100.0% liked)

technology

24259 readers

399 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 5 years ago

MODERATORS

context@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

Wakmrow@hexbear.net

SwitchyandWitchy@hexbear.net

The Age Verification Trap (spectrum.ieee.org)

submitted 2 days ago by git@hexbear.net to c/technology@hexbear.net

15 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] DasRav@hexbear.net 16 points 2 days ago* (last edited 1 day ago) (4 children)

If there was an actual interest in actual security and privacy at all, we'd have a system something like this:

The government has your data. Like it or not, they do. So the government gives each citizen a token that is anonymous but unique. Like, just a long string of numbers.

If some place on the internet wants to verify your age, you tell it the token and the country it's from. The site then asks the government database if this is a valid token for adult stuff and the government server that knows sends a yes/no back.

At no point does Discord or whoever have my ID or biometrics, but they still know I am of age.

Every incentive to verify age that isn't set up like this or in some other anonymous way is simply an attempt by the service provider to get more information from you and sell it later, or use it to give you more targeted ads, or both. Most likely both. They just get to hide behind the idea that politics is making them do it because politicians that push for this do so on the behest of these same companies, opportunistically pushing the savety of children forward so they can get these laws through.

edit To anyone who sees this after the fact: The worst thing about the internet is that, if you write anything, people will critique not the idea you are trying to convey, but the boring minute details they spot that are maybe not 120% explained in enough detail. They will then hone in on that and call your point wrong, because you didn't write a ten page essay about a topic that should not need even half a page to convey it's idea. Replies like these is why I stick mostly to one-line snark replies. Effort posts are for chumps.

[–] queermunist@lemmy.ml 16 points 2 days ago (2 children)

Unless the government generates a new token every time you log on to the internet, eventually data collection will de-anonymize the token. Any unique information will always become identifiable with enough data collection.

[–] spectre@hexbear.net 5 points 2 days ago

Yeah it should be disposable. You have to get a new one next time you sign in to something.

[–] DasRav@hexbear.net 1 points 1 day ago

Yes, I know. I didn't write it because I was in a hurry and forgot in the moment. This change wouldn't make what I wrote unfeasible though

[–] plinky@hexbear.net 9 points 2 days ago* (last edited 2 days ago) (1 children)

every page and content access can then be tied to your unique id by government and service provider by excessive checks, no?

on the billion of tokens like 50 requests will uniquely identify you as well (by say, commercial map provider checking if they can show 18+ businesses to you, as an easy example) to commercial providers

feel like hardware locks on the phone level are more straightforward, home networks are parent responsibility (and give kids with desire to watch restricted content know-how about networks), libraries and public spaces are whatever, not a problem. But then again, this is all assuming there is an argument in good faith somewhere there.

as a neolib solution, just fine 1 dollar for every ad shown to a minor, real quick solution.

[–] DasRav@hexbear.net 2 points 1 day ago

Technically yes, but Discord or BoobaXXX.com won't do that work. It's good enough. Especially if the number token is generated new for each query, which I admittedly forgor to write in my example.

but yes, you are right, there would be better solutions. People nerdier then I can come up with them and have. My point wasn't to give the perfect unassailable one, but to make clear that politicians and websites are transparently not caring one iota about citizen's privacy or safety, even as safety of children is bandied about as an explanation why this garbage needs to be added to everything.

[–] M1k3y@discuss.tchncs.de 5 points 2 days ago (1 children)

Actually there are even better ways. It involves some complicated crypto, but it is possible to create zero knowledge proofs that require a document signed in a specific way and then allow anonymous and unlinkable presentations. So you can use the same age restricted service multiple times and they have no way of linking your requests to each other.

Thats whats planned with the European digital identity. Theres still some problems with EUDI, but it's mostly acceptable.

[–] DasRav@hexbear.net 1 points 1 day ago* (last edited 1 day ago)

Oh absolutely. I was writing an easy explainer of what is very easily possible and forgor about that because I was doing so at work ;)

[–] Infamousblt@hexbear.net 1 points 1 day ago (1 children)

The government has your data. Like it or not, they do. So the government gives each citizen a token that is anonymous but unique. Like, just a long string of numbers.

Congratulations you just invented the social security number

[–] DasRav@hexbear.net 2 points 1 day ago (1 children)

The point of not giving the website your SSN, obviously, is that that identifies you. A random number (that could be generated per request as well, I did not write that but obviously it could) would not share your identity.

[–] KhanCipher@hexbear.net 1 points 1 day ago (1 children)

So... the SSN. Like no matter what, the system you're proposing is going eventually piggy backed on as a convenient system of proving someone is who they are, like the SSN was despite all the problems with it.

[–] DasRav@hexbear.net 1 points 1 day ago

The process I have written would be:

You generate a key from a website run by the government
you give the key to whatever service you want to verify your age on
the service asks the government website "Is this a valid code you generated?"
The government website responds with yes/no and then invalidates the key so it cannot be used a second time.

In this scenario, the service you need to validate your age on knows nothing about you except that you are of age and the government can, at most, log who made the request for validation for the key. You could also anonymize that step though, if privacy was an actual concern.

The process with your SSN is

you give the service your SSN
They save it and ask the government to verify it, thus allowing them to know who you are and where you live and leak that data in a data breach 6 months from now.
That's it, that's the process.

I don't think they are quite the same.