I’ve been thinking of possible ways that you could prove you’re of legal age to access a site through a government service without the government being able to know who the user is, and I can’t really come up with a clean solution.
The best idea that came to my mind was that you could e.g. have a challenge system where the government service challenges the user to return an encrypted randomly generated value. Each user has e.g. an AES key assigned to them that corresponds to the year they were born in, e.g. everyone born in the year 2000 has the same encryption key in ther ID card, and they just use that to return an answer to the challenge. The government website can know all of the secret keys and just check if it can unencrypt the result with the correct one. This means that the government service won’t know anything about the user other than their year of birth, but can confirm their age.
Now two main problems are that, as everyone with the same year of birth has the same key, it could be possible to somehow leak one key and make it so that anyone can pretend to be born at that age, but considering this is for kids, exploiting that sort of problem is probably enough of a barrier to use. Another problem is that this would require you to scan your ID card with every use. Maybe you could accomplish this with a mobile app but idk if that’s possible to do in the same way.
There is no way. If identity is involved in any way, shape, or form it is a major privacy and security risk. Meta supports it only because it shifts responsibility and liability off themselves. In other words, it benefits them financially. Endangering the public for profit is their whole M.O.
How about parents just do their job and make sure their kids aren’t accessing stuff they shouldn’t? I’m a parent, and I’m already doing that, I don’t need the government to violate my privacy in order to be a decent parent…
Keep internet free. Like libraries.
I don’t want age verification for social media — I’d rather parents, who in 2025 probably grew up with connected devices, be responsible for it — but if they do force this, it should be part of the operating system. Sort of like Apple Pay and Google Pay where sites and apps can essentially put some boilerplate code in that’s easy to implement and all the sites/apps get back is a yes/no answer. Users only have to go through the process once. It protects privacy way more than giving your info to every “social media” site that comes along.
It’s not ideal but it’d be way more workable than having to provide ID to every site that has social media functions. I mean, you could classify any random forum or site with a comment section as “social media” if the definition is too broad. Things like Fediverse instances wouldn’t have to each write their own implementation. (Eventually, there would be trusted, mature libraries, obviously, but that could take awhile and presumably would need to be part of every browser/app language but also at least some code for every back-end language to store the data.)
I’d rather parents, who in 2025 probably grew up with connected devices, be responsible for it
That’s about as useful as saying that shops should be allowed to sell alcohol to 5 year olds and the parents should be responsible for it.
Of course they would. Not only would they get their hands on data users fully voluntarily give them by using their platform, but they’d get their hands on verified IDs and quite reliable family tie information. The potential loss of users is definately worth it for them (from their perspective).
In my opinion we would need an EU service that does the verification while sharing as little information as possible with facebooks services.
I think the EU service should only send back, if the person is allowed to use Facebook. A single yes or no. Which could mean both, that the person is either old enough or has their parents consent.
how would you ensure that this stays private? not just from facebook, but completely. as I see it, this would require some form of biometric authentication
I mean yes, the verification service would know about you. But since this is a trusted service, it would be me okay. It doesn’t even have to store the verification result, if you don’t want to
it would not be a trusted service, but at most legally. just like centralized chat scanning systems.
It doesn’t even have to store the verification result, if you don’t want to
“if you don’t want to” lol. you won’t decide whether they will store anything, silly. the control is theirs, cemented, the law is on their side, the political narrative will be on their side (think of the children!!), they’ll do whatever the fuck they want.
I thought that’s exactly how the porn age check is going to work
Which of course they wouldn’t do
Yeah… no, they already have access to all that. It’s the good ol’, if it’s gonna happen anyways might as well get behind it and get some good PR.
Fuck this
And multiplayer games, please, add multiplayer games…