this post was submitted on 21 Mar 2026
11 points (86.7% liked)

Ask Experienced Devs

1470 readers
2 users here now

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
11
Could online age verification be done in a way that protects privacy and autonomy? (lemmy.world)
submitted 3 days ago* (last edited 3 days ago) by 58008@lemmy.world to c/ask_experienced_devs@programming.dev
52 comments fedilink hide all child comments
 

Apologies if this isn't the right place to ask this, but I thought actual developers with a deep understanding of how technology actually works would be the people to ask!

If you were tasked with setting up a safe and secure way to do this, how would you do it differently than what the UK government is proposing? How could it be done such that I wouldn't have to worry about my privacy and the threat of government suppression? Is it even theoretically possible to accomplish such a task at such a scale?

Cheers!

EDIT: Just to be clear: I'm not in favour of age verification laws. But they're on their way regardless. My question is purely about the implementation and technology of the thing, rather than the ethics or efficacy of it. Can this seemingly-inevitable privacy hellscape be done in a non-hellscapish way?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] partial_accumen@lemmy.world 1 points 2 days ago* (last edited 2 days ago) (1 children)

Correct me if I am wrong the base problem, but we're not trying to lock down the OS. We're trying to limit the adult internet to children right?

The problem here is that the OS and all applications on them would need to change their behavior based on the mode.

So the AuthZ event can occur at the remote web server (or server serving the API). Yes, those would have to change. The AuthN event would supported by the web browser (or other software) making the call to the remote server. So yes, those would have to support the check of the CPU flag.

How are you going to prevent ROM flashing or storage replacement to modify the OS or other software?

Legal protections, not technical ones. This is the same method we use to prevent someone from setting up a distillery in their kitchen and making their own whiskey. There's nothing technologically limiting people from doing this, only laws. Also, the only people breaking the law to circumvent the child protections would be children, or adults purposefully trying to assist children in bypassing this check. The children committing the crime would be handled in the existing juvenile justice system the same way an under-aged child that is caught with alcohol. An adult assisting children with circumvention would be prosecuted the same way as an adult that buys booze for under-aged children.

In this system, no adults would have to age verify. No adult identity would be sent anywhere. All devices are "adult" by default.

[โ€“] MentalEdge@sopuli.xyz 1 points 2 days ago* (last edited 2 days ago)

No. I'm asking how you'd make the child mode a truly one-way thing.

And you've essentially just admitted that you aren't actually suggesting that at all.

Physically blowing a fuse in a CPU to achieve an equivalent result to a text file containing a date, is a little silly.

If you're gonna fall back on legal assurances anyway, simply make it a software thing. Not being able to just unlock your devices when you're old enough is a recipe for e-waste, anyway.

In this system, no adults would have to age verify. No adult identity would be sent anywhere. All devices are "adult" by default.

That makes no sense. A single bit isn't significant unless read and enforced by software. And if you're suggesting "burning" or "purging" some kind of token thats to be authenticated to show a device is in one or the other... Then you've just added a new kind of hardware id.